How to fix CVE-2019-25478?

Within 24 hours: Identify all systems running GetGo Download Manager 6.2.2.3300 and assess business criticality. Within 7 days: Implement network-level mitigations (WAF rules, HTTP header validation, connection timeouts) and consider disabling the application if non-essential. Within 30 days: Evaluate alternative download management solutions, contact vendor for patch status, or plan controlled upgrade to patched version when available.

Is Golang affected by CVE-2019-25478?

GetGo Download Manager 6.2.2.3300 is vulnerable to a denial of service attack through malformed HTTP responses, potentially disrupting file download operations for affected users.

CVE-2019-25478

HIGH

2026-03-11 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:07 vuln.today

PoC Detected

Mar 12, 2026 - 21:08 vuln.today

Public exploit code

CVE Published

Mar 11, 2026 - 19:16 nvd

HIGH 7.5

Description

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable.

Analysis

Technical Context

Classified as CWE-787 (Out-of-bounds Write). GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable.

Affected Products

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP res

Remediation

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: +20

CVE-2019-25478 vulnerability details – vuln.today

Back

CVE-2019-25478

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2019-25478

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code