VYPR
Unrated severityNVD Advisory· Published Dec 18, 2025· Updated Apr 7, 2026

Hubstaff 1.6.14 DLL Search Order Hijacking via wow64log Library

CVE-2023-53937

Description

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application startup.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Hubstaff/Hubstaffllm-create2 versions
    = 1.6.14+ 1 more
    • (no CPE)range: = 1.6.14
    • (no CPE)range: 1.6.13, 1.6.14

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.