CVE-2025-7240

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The memory corruption flaw occurs during DWG file parsing due to improper input validation. Users of IrfanView with the vulnerable CADImage plugin are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Prior to patch
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed and enabled for DWG file handling.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malicious actor executes code with user privileges, potentially installing malware, stealing credentials, or accessing sensitive files.

🟢 If Mitigated

Limited impact with proper application sandboxing, user privilege restrictions, and network segmentation preventing lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening a malicious file). ZDI has published an advisory, but no public exploit code has been confirmed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView website for latest CADImage plugin update

Vendor Advisory: https://www.irfanview.com/

Restart Required: Yes

Instructions:

1. Visit https://www.irfanview.com/
2. Download latest IrfanView version
3. Install update
4. Restart system

🔧 Temporary Workarounds

Disable DWG file association

Platform: Windows

Remove IrfanView as default handler for DWG files

Control Panel > Default Programs > Set Associations > Find .dwg > Change program

Uninstall CADImage plugin

Platform: Windows

Remove vulnerable plugin component

Control Panel > Programs > Uninstall IrfanView plugins

🧯 If You Can't Patch

  • Implement application whitelisting to block IrfanView execution
  • Use network segmentation to isolate systems running IrfanView

🔍 How to Verify

Check if Vulnerable:

Check IrfanView Help > About for version and plugin information

Check Version:

irfanview.exe /?

Verify Fix Applied:

Verify IrfanView and CADImage plugin are updated to latest versions

📡 Detection & Monitoring

Log Indicators:

  • IrfanView process crashes when opening DWG files
  • Unusual child processes spawned from IrfanView

Network Indicators:

  • Outbound connections from IrfanView process to suspicious IPs

SIEM Query:

process_name="irfanview.exe" AND (event_id=1000 OR child_process_creation)
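
The two log indicators above, applied to exported events, as an added example that is not part of the original page or any vendor tooling. The normalised event schema (event_id, type, host, process, parent), the sample events and the expected_children allowlist are assumptions made for illustration.

```python
import ntpath

# "irfanview.exe" is the name used in the page's query; i_view32.exe and
# i_view64.exe are the names of IrfanView's installed binaries.
WATCHED = {"irfanview.exe", "i_view32.exe", "i_view64.exe"}

def exe_name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()

def triage(events, watched=WATCHED, expected_children=frozenset()):
    """Return (reason, host, process) for events matching the two log indicators.

    Assumed normalised schema: event_id, type, host, process, parent.
    expected_children: child executables known to be benign in this estate.
    """
    hits = []
    for ev in events:
        proc = exe_name(ev.get("process"))
        parent = exe_name(ev.get("parent"))
        # Indicator 1: application crash (Application Error, event ID 1000).
        if ev.get("event_id") == 1000 and proc in watched:
            hits.append(("crash", ev["host"], proc))
        # Indicator 2: a process created with the viewer as its parent.
        elif (ev.get("type") == "process_creation" and parent in watched
              and proc not in expected_children):
            hits.append(("child_process", ev["host"], proc))
    return hits

# Constructed sample events, not real telemetry.
SAMPLE = [
    {"host": "ws1", "event_id": 1000, "type": "app_error",
     "process": r"C:\Program Files\IrfanView\i_view64.exe"},
    {"host": "ws1", "event_id": 1, "type": "process_creation",
     "process": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Program Files\IrfanView\i_view64.exe"},
    {"host": "ws2", "event_id": 1000, "type": "app_error",
     "process": r"C:\Windows\explorer.exe"},
    {"host": "ws3", "event_id": 1, "type": "process_creation",
     "process": r"C:\Windows\splwow64.exe",
     "parent": r"C:\Program Files (x86)\IrfanView\i_view32.exe"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE, expected_children={"splwow64.exe"}):
        print(hit)
```

Matching on the file name alone keeps the rule independent of install path; the allowlist should stay short and be reviewed, since every entry is a process the rule will no longer report.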
