CVE-2025-7234

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of IrfanView with the CADImage plugin. Attackers can exploit this by tricking users into opening malicious CGM files or visiting malicious web pages. Users of IrfanView with the CADImage plugin are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Prior to the patched release
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed. User interaction needed (opening malicious file).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Malware installation leading to data exfiltration, system disruption, or use as a foothold for further attacks within the network.

🟢 If Mitigated

Limited impact due to application sandboxing, limited user privileges, or network segmentation preventing lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

User interaction required (opening malicious file). ZDI advisory suggests exploit is feasible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView website for latest version

Vendor Advisory: https://www.irfanview.com

Restart Required: No

Instructions:

1. Visit https://www.irfanview.com
2. Download latest version of IrfanView
3. Install update
4. Verify CADImage plugin is updated

🔧 Temporary Workarounds

Disable CADImage Plugin (Windows)

Remove or disable the vulnerable CADImage plugin from IrfanView

Navigate to IrfanView plugins directory and remove CADImage plugin files

Block CGM Files (all platforms)

Prevent opening of CGM files at system or network level

🧯 If You Can't Patch

  • Restrict user privileges to limit impact of code execution
  • Implement application whitelisting to prevent unauthorized executables

🔍 How to Verify

Check if Vulnerable:

Check IrfanView Help > About for version and verify CADImage plugin is present

Check Version:

Open IrfanView > Help > About

Verify Fix Applied:

Verify IrfanView version is latest and CADImage plugin version is updated

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs
  • Unexpected process execution from IrfanView

Network Indicators:

  • Downloads of CGM files from untrusted sources

SIEM Query:

Process creation where parent process is IrfanView and command line contains suspicious parameters
