CVE-2023-53937

HIGH

Hubstaff 1.6.14 - DLL Search Order Hijacking

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53937. PoCs published by Ahsan Azad.

AI-analyzed exploit summary This exploit leverages DLL search order hijacking in Hubstaff 1.6.13/1.6.14 by placing a malicious wow64log.dll in system32, which is loaded by the application during installation, resulting in remote code execution via a reverse shell.

Description

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application startup.

Exploits (1)

exploitdb WORKING POC
by Ahsan Azad · textlocalwindows
https://www.exploit-db.com/exploits/51461

This exploit leverages DLL search order hijacking in Hubstaff 1.6.13/1.6.14 by placing a malicious wow64log.dll in system32, which is loaded by the application during installation, resulting in remote code execution via a reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Hubstaff 1.6.13, 1.6.14
No auth needed
Prerequisites: Access to place DLL in system32 · Network connectivity for reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/51461
Product vendor-advisory
https://hubstaff.com/

Scores

CVSS v3 7.8
EPSS 0.0019
EPSS Percentile 8.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-427
Status published
Products (3)
hubstaff/hubstaff 1.6.13
hubstaff/hubstaff 1.6.14
Hubstaff/Hubstaff 1.6.13, 1.6.14
Published Dec 18, 2025
Tracked Since Feb 18, 2026