Is there a public PoC exploit available for CVE-2019-25478?

Yes, a public proof-of-concept exploit is available for CVE-2019-25478. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2019-25478?

Within 24 hours: Identify all systems running GetGo Download Manager 6.2.2.3300 and assess business criticality. Within 7 days: Implement network-level mitigations (WAF rules, HTTP header validation, connection timeouts) and consider disabling the application if non-essential. Within 30 days: Evaluate alternative download management solutions, contact vendor for patch status, or plan controlled upgrade to patched version when available.

CVE-2019-25478

Q: What is the CVSS score of CVE-2019-25478?

CVE-2019-25478 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

HIGH

Out-of-bounds Write (CWE-787)

2026-03-11 disclosure@vulncheck.com

Buffer Overflow Denial Of Service Memory Corruption

8.7

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.7 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 15, 2026 - 15:22 NVD

7.5 (HIGH) 8.7 (HIGH)

Analysis Generated

Mar 12, 2026 - 22:07 vuln.today

PoC Detected

Mar 12, 2026 - 21:08 vuln.today

Public exploit code

CVE Published

Mar 11, 2026 - 19:16 nvd

HIGH 7.5

DescriptionCVE.org

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable.

AnalysisAI

Technical ContextAI

Classified as CWE-787 (Out-of-bounds Write). GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable.

Affected ProductsAI

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP res

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

CVE-2019-25478 vulnerability details – vuln.today

Back