CVE-2025-7233

5.5 MEDIUM

📋 TL;DR

This vulnerability in IrfanView's CADImage plugin allows attackers to read memory beyond allocated buffers when processing malicious DWG files, potentially disclosing sensitive information. Users who open specially crafted DWG files or visit malicious websites hosting such files are affected. The vulnerability requires user interaction but could be combined with other exploits for more severe attacks.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Specific versions not detailed in advisory; check vendor patch notes
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed and DWG file support enabled

⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure leads to memory content leakage, which could reveal sensitive data or be combined with other vulnerabilities for arbitrary code execution.

🟠 Likely Case

Information disclosure from memory reads, potentially exposing application data or system information.

🟢 If Mitigated

Limited impact when file validation and user awareness keep malicious files from being opened.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file; the ZDI advisory suggests exploitation is possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView updates for CADImage plugin fixes

Vendor Advisory: https://www.irfanview.com/

Restart Required: Yes

Instructions:

1. Open IrfanView
2. Go to Help > Check for Updates
3. Install latest version
4. Restart application

🔧 Temporary Workarounds

Disable DWG file association (Windows)

Remove the DWG file type association with IrfanView to prevent automatic opening:

Control Panel > Default Programs > Associate a file type or protocol with a program > Remove .dwg association with IrfanView

Block DWG downloads (all platforms)

Use web filtering to block .dwg file downloads from untrusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to prevent IrfanView execution
  • Use sandboxed environments for opening untrusted DWG files

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version and CADImage plugin version against vendor advisory

Check Version:

Open IrfanView > Help > About

Verify Fix Applied:

Verify IrfanView is updated to latest version and CADImage plugin is patched

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs when processing DWG files
  • Unexpected memory access errors in application logs

Network Indicators:

  • Downloads of .dwg files from untrusted sources

SIEM Query:

process_name:"i_view32.exe" AND file_extension:".dwg"
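
The SIEM query above, expanded into a small log scan as an added example (not from the advisory or the vendor): it also covers the 64-bit binary i_view64.exe and quoted paths containing spaces. The event field names (Computer, Image, CommandLine) and all sample events are constructed assumptions modelled on Sysmon process-creation records.

```python
import json
import ntpath
import re

# Assumption: the page's query names only i_view32.exe; i_view64.exe is the 64-bit build.
IRFANVIEW_IMAGES = {"i_view32.exe", "i_view64.exe"}
# A quoted or unquoted command-line argument whose name ends in .dwg.
DWG_ARG = re.compile(r'"([^"]+\.dwg)"|(\S+\.dwg)(?=\s|$)', re.IGNORECASE)


def dwg_opens(lines):
    """Return (host, image, dwg_path) for each IrfanView launch that was handed a DWG."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON records instead of aborting the scan
        if not isinstance(ev, dict):
            continue
        image = ev.get("Image", "")
        if ntpath.basename(image).lower() not in IRFANVIEW_IMAGES:
            continue  # some other process touching a DWG is out of scope here
        for m in DWG_ARG.finditer(ev.get("CommandLine", "")):
            hits.append((ev.get("Computer", "?"), image, m.group(1) or m.group(2)))
    return hits


# Constructed sample events (field names assumed, see lead-in).
IV64 = r"C:\Program Files\IrfanView\i_view64.exe"
IV32 = r"C:\Program Files (x86)\IrfanView\i_view32.exe"
SAMPLE = [json.dumps(e) for e in (
    {"Computer": "WS01", "Image": IV64,
     "CommandLine": rf'"{IV64}" "C:\Users\a\Downloads\plan v2.DWG"'},
    {"Computer": "WS02", "Image": IV32,
     "CommandLine": r"i_view32.exe C:\temp\site.dwg"},
    {"Computer": "WS03", "Image": IV64,
     "CommandLine": rf'"{IV64}" "C:\Pictures\cat.jpg"'},
    {"Computer": "WS04", "Image": r"C:\Tools\viewer.exe",
     "CommandLine": r"viewer.exe C:\temp\other.dwg"},
)] + ["{truncated"]

if __name__ == "__main__":
    for host, image, path in dwg_opens(SAMPLE):
        print(f"{host}: {ntpath.basename(image)} opened {path}")
```

Correlating these hits with the download source of each file narrows the results to the untrusted-origin case listed under Network Indicators.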
