Cyber Resilience

CVE-2018-25304

High · Public PoC

Published: 29 April 2026

Modified: 26 May 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0015 (4.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2018-25304 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Filehippo (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 4.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2018-25304 is a local buffer overflow vulnerability in Free Download Manager 2.0 Build 417. The flaw is in the URL import functionality, reached through the File > Import > Import lists of downloads menu. Processing a crafted malicious URL file triggers a buffer overflow in the Location header response, which overwrites the structured exception handler (SEH) chain and enables arbitrary code execution. It is classified under CWE-120 and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A local attacker can exploit this vulnerability by providing a specially crafted URL file to a user running the affected software. When the user imports the file through the specified menu, the buffer overflow corrupts the SEH chain, allowing the attacker to execute arbitrary code with the privileges of the application process. The impact on confidentiality, integrity, and availability is high, and can extend to full system compromise if the application runs with elevated privileges.

Advisories and related resources provide further details on the vulnerability. The VulnCheck advisory (https://www.vulncheck.com/advisories/free-download-manager-built-417-local-buffer-overflow-seh) describes the SEH exploitation, while Exploit-DB hosts a proof-of-concept exploit (https://www.exploit-db.com/exploits/44499). No patches or specific mitigations are detailed in the provided information; security practitioners should discontinue use of Free Download Manager 2.0 Build 417 and monitor for vendor updates.

EU & UK References

Vulnerability details

Free Download Manager 2.0 Build 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the File > Import > Import lists of downloads menu, causes a buffer overflow in the Location header response that overwrites the SEH chain and executes arbitrary code.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

A local buffer overflow in a client application, triggered by importing a malicious file, enables code execution (T1204.002) and potential privilege escalation (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-37029 (shared CWE-120)
CVE-2018-25299 (shared CWE-120)
CVE-2026-1679 (shared CWE-120)
CVE-2026-28925 (shared CWE-120)
CVE-2018-9387 (shared CWE-120)
CVE-2025-71263 (shared CWE-120)
CVE-2020-37049 (shared CWE-120)
CVE-2025-47388 (shared CWE-120)
CVE-2018-25263 (shared CWE-120)
CVE-2022-49754 (shared CWE-120)

Affected Assets

Filehippo
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Enforces validation of all input (including imported URL files and Location headers) to reject oversized or malformed data before a buffer copy occurs.

Prevent: Requires hardware-enforced memory protections (ASLR, DEP, stack canaries) that block SEH overwrite and subsequent arbitrary-code execution even if a buffer overflow is triggered.

Prevent: Limits the privileges under which Free Download Manager runs so that successful SEH-based code execution cannot immediately compromise the full system.
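
The input-validation control above, sketched in C as an added example; this is not code from Free Download Manager or from the advisories. The function name, status codes and the 2048-byte cap are assumptions chosen for illustration: the helper checks a Location header line for length and byte content before any copy into a fixed-size buffer.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define LOCATION_MAX 2048 /* assumed policy cap, not a value from the advisory */
enum loc_status { LOC_OK, LOC_NOT_LOCATION, LOC_TOO_LONG, LOC_BAD_BYTE, LOC_BAD_ARG };

/* Hypothetical helper: validate one length-delimited header line and copy the
 * Location value into dst. No input byte is copied until every check passes. */
enum loc_status copy_location(const char *line, size_t len,
                              char *dst, size_t dst_size)
{
    static const char name[] = "location:";
    const size_t name_len = sizeof name - 1;
    size_t i, start = name_len, end = len;

    if (line == NULL || dst == NULL || dst_size == 0)
        return LOC_BAD_ARG;
    dst[0] = '\0';                    /* dst holds an empty string on failure */
    if (len < name_len)
        return LOC_NOT_LOCATION;
    for (i = 0; i < name_len; i++)    /* header names are case-insensitive */
        if (tolower((unsigned char)line[i]) != name[i])
            return LOC_NOT_LOCATION;
    while (start < end && (line[start] == ' ' || line[start] == '\t'))
        start++;                      /* skip optional leading whitespace */
    while (end > start && (line[end - 1] == '\r' || line[end - 1] == '\n'))
        end--;                        /* drop the line terminator */
    /* Check the length against the policy cap and the real buffer size. */
    if (end - start > LOCATION_MAX || end - start >= dst_size)
        return LOC_TOO_LONG;
    for (i = start; i < end; i++)     /* reject controls, spaces, non-ASCII */
        if ((unsigned char)line[i] <= 0x20 || (unsigned char)line[i] >= 0x7f)
            return LOC_BAD_BYTE;
    memcpy(dst, line + start, end - start);
    dst[end - start] = '\0';
    return LOC_OK;
}

int main(void)
{
    /* Constructed sample: a Location value of 4096 'A' bytes. */
    static char line[10 + 4096] = "Location: ";
    char url[256];
    memset(line + 10, 'A', 4096);
    return copy_location(line, sizeof line, url, sizeof url) == LOC_TOO_LONG ? 0 : 1;
}
```
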

References