PatchSiren cyber security CVE debrief
CVE-2018-25304 Filehippo CVE debrief
CVE-2018-25304 documents a local buffer overflow vulnerability in Free Download Manager 2.0 Build 417. The flaw exists within the application's URL import functionality, specifically when processing Location header responses during the import of download lists. An attacker can craft a malicious URL file that, when imported via File > Import > Import lists of downloads, triggers a buffer overflow condition. This overflow overwrites the Structured Exception Handler (SEH) chain, enabling arbitrary code execution under the context of the application. The vulnerability requires local access to the system and user interaction to import the malicious file, but requires no privileges and has no user interaction complexity beyond the import action itself. The CVSS 4.0 vector indicates local attack vector with low attack complexity, no required privileges, and high impacts to confidentiality, integrity, and availability. The weakness is classified as CWE-120 (Classic Buffer Overflow). The CVE was published on April 29, 2026 and last modified on May 26, 2026, with a current status of 'Deferred' in the NVD. No known exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- Filehippo
- Product
- Free Download Manager
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-29
- Original CVE updated
- 2026-05-26
- Advisory published
- 2026-04-29
- Advisory updated
- 2026-05-26
Who should care
Security operations teams managing endpoint software inventories, incident responders investigating download manager exploitation, vulnerability management programs tracking deferred CVEs, and organizations with users employing Free Download Manager for file downloads
Technical summary
A local buffer overflow in Free Download Manager 2.0 Build 417's URL import functionality allows SEH chain overwrite and arbitrary code execution when malicious URL files are imported. The vulnerability stems from insufficient bounds checking on Location header responses during the import process. Attack complexity is low with no privileges required, though local access and user interaction to perform the import are necessary. High impacts to confidentiality, integrity, and availability are possible. The weakness maps to CWE-120 (Classic Buffer Overflow). No patch timeline is available from the deferred CVE status.
Defensive priority
HIGH
Recommended defensive actions
- Audit endpoints for installations of Free Download Manager 2.0 Build 417 or earlier versions
- Restrict user permissions to prevent unauthorized installation of vulnerable download manager software
- Implement application control policies to block execution of Free Download Manager 2.0 Build 417 where patching is not feasible
- Train users to avoid importing untrusted URL files through download manager import functionality
- Monitor for suspicious file imports via File > Import > Import lists of downloads menu paths
- Review and update endpoint detection rules to identify potential SEH chain exploitation patterns in download manager processes
- Consider removing or isolating affected software pending vendor patch availability
- Validate vendor update channels for patched versions of Free Download Manager
Evidence notes
Vulnerability description derived from official CVE record and NVD source data. Vendor attribution based on reference domain candidate 'Filehippo' with low confidence requiring review. Technical details of SEH chain exploitation and import functionality path confirmed through source references. CVSS 4.0 vector and CWE-120 classification sourced from NVD metadata. Timeline dates strictly from CVE publishedAt and modifiedAt fields per source corpus.
Official resources
2026-04-29T20:16:25.760Z