CVE-2025-7236

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The memory corruption flaw occurs during DWG file parsing due to insufficient input validation. Users of IrfanView with the vulnerable CADImage plugin are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: The advisory does not specify the vulnerable versions, but all versions before the patch are likely affected
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed. User must open malicious DWG file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation or data exfiltration when users open malicious DWG files from untrusted sources.

🟢 If Mitigated

Limited impact with proper application whitelisting and user training preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious file). Exploit requires crafting specific DWG files to trigger memory corruption.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView website for latest version with fix

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Visit https://www.irfanview.com/
2. Download the latest version of IrfanView
3. Install the update, ensuring the CADImage plugin is updated
4. Verify the plugin version in the IrfanView plugins list

🔧 Temporary Workarounds

Disable CADImage Plugin

Platform: Windows

Remove or disable the vulnerable CADImage plugin from the IrfanView installation.

Navigate to the IrfanView plugins folder and remove CADImage.dll, or rename it to disable the plugin.

Block DWG File Association

Platform: Windows

Prevent IrfanView from opening DWG files by default.

Control Panel > Default Programs > Associate file type with program > Change .dwg to a different application

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of IrfanView
  • Educate users to never open DWG files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version and CADImage plugin version. If using version before vendor patch, assume vulnerable.

Check Version:

Open IrfanView > Help > About or check plugin list for CADImage version

Verify Fix Applied:

Verify IrfanView and CADImage plugin are updated to latest versions from official website.

📡 Detection & Monitoring

Log Indicators:

  • IrfanView process crashes when opening DWG files
  • Unexpected child processes spawned from IrfanView

Network Indicators:

  • Outbound connections from IrfanView process to suspicious IPs

SIEM Query:

Process Creation where Parent Image contains 'i_view' AND (Command Line contains '.dwg' OR Image contains suspicious patterns)
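The query above, worked through as an added example that is not part of the original advisory: it triages process-creation records for children of IrfanView and ranks them by whether a DWG file and a shell or script host are involved. Field names follow Sysmon Event ID 1; the `SUSPICIOUS_CHILDREN` list, the severity labels and the sample records are assumptions constructed for illustration.

```python
import ntpath

# Assumption: the page leaves "suspicious patterns" undefined. This list of
# shells and script hosts is a stand-in to tune for your environment.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

def exe_name(path):
    """Lower-cased file name of a Windows path, tolerating surrounding quotes."""
    return ntpath.basename((path or "").strip().strip('"')).lower()

def triage(event):
    """Return (severity, reason) for a process-creation record, or None."""
    # Match the parent's file name only, so a folder named i_view* cannot match.
    if "i_view" not in exe_name(event.get("ParentImage")):
        return None
    child = exe_name(event.get("Image"))
    # A DWG path may appear on the child's or on IrfanView's own command line.
    cmdlines = " ".join(event.get(k) or "" for k in ("CommandLine", "ParentCommandLine"))
    saw_dwg = ".dwg" in cmdlines.lower()
    suspicious = child in SUSPICIOUS_CHILDREN
    if suspicious and saw_dwg:
        return ("high", f"{child} spawned by IrfanView while handling a DWG file")
    if suspicious:
        return ("medium", f"{child} spawned by IrfanView")
    if saw_dwg:
        return ("low", f"{child} spawned by IrfanView with a DWG on the command line")
    return None  # other children of IrfanView (e.g. print helpers) are ignored

def detect(events):
    """Return (severity, UtcTime, reason) for every matching record."""
    hits = []
    for e in events:
        verdict = triage(e)
        if verdict:
            hits.append((verdict[0], e.get("UtcTime"), verdict[1]))
    return hits

# Constructed sample records (not real telemetry).
IV64 = r"C:\Program Files\IrfanView\i_view64.exe"
SAMPLE_EVENTS = [
    {"UtcTime": "2025-01-01 10:00:01", "ParentImage": IV64, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentCommandLine": r"i_view64.exe C:\Users\a\Downloads\plan.dwg", "CommandLine": "cmd.exe /c whoami"},
    {"UtcTime": "2025-01-01 10:05:00", "ParentImage": r'"C:\Program Files (x86)\IrfanView\I_VIEW32.EXE"',
     "Image": r"C:\Windows\System32\powershell.exe", "CommandLine": "powershell.exe -nop"},
    {"UtcTime": "2025-01-01 10:06:00", "ParentImage": r"C:\Windows\explorer.exe", "Image": IV64,
     "CommandLine": r"i_view64.exe C:\Users\a\Documents\site.dwg"},
    {"UtcTime": "2025-01-01 10:07:00", "ParentImage": IV64, "Image": r"C:\Windows\splwow64.exe"},
]
```

Calling `detect(SAMPLE_EVENTS)` flags the first two records only; the third is a user opening a DWG from Explorer, which is the normal launch path and is better covered by the crash indicator listed above.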
