Vulnerability DatabaseCVE-2019-25683

CVE-2019-25683:
FileZilla FTP Client vulnerability analysis and mitigation

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and 'CCCC' sequences in the search directory field and initiating a local search operation.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

6.9

Score

Published April 5, 2026

Severity MEDIUM

CNA Score 6.9

Affected Technologies

FileZilla FTP Client

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 3.1

Exploitation Probability (EPSS) N/A

Affected packages and libraries

cpe:2.3:a:filezilla-project:filezilla_client

Sources

VulnCheck NVD++
- Linux Severity MEDIUMNo FixAdded at: Apr 10, 2026
- Windows Severity MEDIUMNo FixAdded at: Apr 10, 2026
NVD
- Linux Severity MEDIUMNo FixAdded at: Apr 12, 2026
- Windows Severity MEDIUMNo FixAdded at: Apr 12, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related FileZilla FTP Client vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2023-53959	HIGH	8.5	FileZilla FTP Client	cpe:2.3:a:filezilla-project:filezilla_client	No	Yes	Dec 19, 2025
CVE-2016-15003	HIGH	7.8	FileZilla FTP Client	cpe:2.3:a:filezilla-project:filezilla_client	No	Yes	Jul 18, 2022
CVE-2019-25683	MEDIUM	6.9	FileZilla FTP Client	cpe:2.3:a:filezilla-project:filezilla_client	No	No	Apr 05, 2026
CVE-2024-31497	MEDIUM	5.9	NixOS	libfilezilla	No	Yes	Apr 15, 2024
CVE-2023-48795	MEDIUM	5.9	Python	cert-manager	No	Yes	Dec 18, 2023