CVE-2019-25478

HIGH

GetGo Download Manager 6.2.2.3300 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25478. PoCs published by Malav Vyas.

AI-analyzed exploit summary This Python script exploits a buffer overflow vulnerability in GetGo Download Manager 6.2.2.3300 by sending an oversized HTTP response to trigger a Denial of Service (DoS). The exploit binds to a local port, waits for a connection, and sends a maliciously crafted HTTP response with a 6000-byte buffer.

Description

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable.

Exploits (1)

exploitdb WORKING POC

by Malav Vyas · textdoswindows_x86-64

https://www.exploit-db.com/exploits/47282

View Code ZIP pw:eip

This Python script exploits a buffer overflow vulnerability in GetGo Download Manager 6.2.2.3300 by sending an oversized HTTP response to trigger a Denial of Service (DoS). The exploit binds to a local port, waits for a connection, and sends a maliciously crafted HTTP response with a 6000-byte buffer.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: GetGo Download Manager 6.2.2.3300

No auth needed

Prerequisites: Network access to the target · GetGo Download Manager running on the target system

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Mar 12, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/47282

Various Sources product

http://www.getgosoft.com/getgodm/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/getgo-download-manager-buffer-overflow-dos

Scores

CVSS v3 7.5

EPSS 0.0049

EPSS Percentile 38.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (1)

Getgosoft/GetGo Download Manager 6.2.2.3300

Published Mar 11, 2026

Tracked Since Mar 12, 2026