Cyber Posture

CVE-2019-25478

High · Public PoC

Published: 11 March 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0013 (31.7th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-25478 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Getgosoft (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, it is ranked at the 31.7th percentile by exploit likelihood (below the median). It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Threat & Defense Details

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

NVD Description

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable.

Deeper analysis (AI)

CVE-2019-25478 is a buffer overflow vulnerability (CWE-787) affecting GetGo Download Manager version 6.2.2.3300. The flaw occurs when the application processes HTTP responses with excessively long headers, leading to a crash. This issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high severity due to the potential for significant availability disruption.

Remote attackers can exploit this vulnerability without authentication or user interaction by crafting and sending malicious HTTP responses containing oversized header values. Successful exploitation crashes the GetGo Download Manager application, rendering it unavailable and causing a denial-of-service condition for affected users.

Advisories and references, including those from VulnCheck (https://www.vulncheck.com/advisories/getgo-download-manager-buffer-overflow-dos) and an Exploit-DB entry (https://www.exploit-db.com/exploits/47282), document the vulnerability and provide proof-of-concept details. The vendor site (http://www.getgosoft.com/getgodm/) is referenced, though no specific patch information is detailed in the available data.

A public exploit is available on Exploit-DB, indicating demonstrated feasibility for reproduction, though no evidence of widespread real-world exploitation is noted.
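The length validation that guards against this class of crash, as an added example (it is not GetGo's code, which the page does not show): a C lookup of one HTTP response header that checks line and value lengths before copying. `get_header`, `MAX_LINE` and the status codes are hypothetical names, and the sample response is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_LINE 8192 /* assumed per-line cap for this sketch */
enum hdr_status { HDR_OK = 0, HDR_NOT_FOUND = 1, HDR_MALFORMED = -1, HDR_TOO_LONG = -2 };

/* Case-insensitive compare of n bytes (header names are case-insensitive). */
static int name_eq(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Find header `name` in a raw response head (buf/len, CRLF line endings) and
 * copy its value into dst. Every length is checked before the copy, so an
 * oversized value returns HDR_TOO_LONG instead of writing past dst (CWE-787). */
enum hdr_status get_header(const char *buf, size_t len, const char *name,
                           char *dst, size_t dst_size) {
    size_t name_len = strlen(name);
    if (dst_size == 0) return HDR_MALFORMED;
    dst[0] = '\0';
    while (len > 0) {
        const char *eol = memchr(buf, '\n', len);
        if (eol == NULL) return HDR_MALFORMED; /* unterminated line */
        size_t line_len = (size_t)(eol - buf), consumed = line_len + 1;
        if (line_len > 0 && buf[line_len - 1] == '\r') line_len--;
        if (line_len > MAX_LINE) return HDR_TOO_LONG;
        if (line_len == 0) return HDR_NOT_FOUND; /* blank line ends the headers */
        if (line_len > name_len && buf[name_len] == ':' && name_eq(buf, name, name_len)) {
            const char *val = buf + name_len + 1;
            size_t val_len = line_len - name_len - 1;
            while (val_len > 0 && (*val == ' ' || *val == '\t')) { val++; val_len--; }
            if (val_len >= dst_size) return HDR_TOO_LONG; /* reject, never truncate */
            memcpy(dst, val, val_len);
            dst[val_len] = '\0';
            return HDR_OK;
        }
        buf += consumed; len -= consumed;
    }
    return HDR_NOT_FOUND;
}

int main(void) { /* constructed sample response head, not captured traffic */
    const char resp[] = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n";
    char v[16];
    printf("%d %s\n", get_header(resp, sizeof resp - 1, "content-type", v, sizeof v), v);
    return 0;
}
```

Rejecting an oversized value, rather than truncating it, keeps the client from acting on a partial header and gives the caller a status it can log.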

Details

CWE(s)

Affected Products

Getgosoft
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-20890 (Shared CWE-787)
CVE-2019-25681 (Shared CWE-787)
CVE-2026-23715 (Shared CWE-787)
CVE-2025-21161 (Shared CWE-787)
CVE-2026-21327 (Shared CWE-787)
CVE-2025-21042 (Shared CWE-787)
CVE-2026-3094 (Shared CWE-787)
CVE-2026-27703 (Shared CWE-787)
CVE-2026-31698 (Shared CWE-787)
CVE-2025-20888 (Shared CWE-787)
