CVE-2025-7242
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The flaw exists in how the plugin parses DWG files, enabling attackers to read beyond allocated buffers and potentially gain control of the affected system. Users of IrfanView with the CADImage plugin installed are affected.
💻 Affected Systems
- IrfanView CADImage Plugin
📦 What is this software?
Cadimage by Cadsofttools
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation leading to malware installation, data exfiltration, or persistence mechanisms being established on the compromised system.
If Mitigated
Limited impact due to sandboxing, application whitelisting, or restricted user privileges preventing full system compromise.
🎯 Exploit Status
Exploitation requires user interaction (opening a malicious file) but the vulnerability itself has low complexity to exploit once weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check IrfanView website for latest CADImage plugin update
Vendor Advisory: https://www.irfanview.com/
Restart Required: Yes
Instructions:
1. Visit https://www.irfanview.com/
2. Download the latest version of IrfanView with updated plugins
3. Install the update, ensuring CADImage plugin is included
4. Restart the system
🔧 Temporary Workarounds
Disable CADImage Plugin
Windows: Remove or disable the vulnerable CADImage plugin from IrfanView
Navigate to IrfanView plugins directory and remove CADImage.dll or disable via IrfanView settings
Block DWG File Extensions
Windows: Prevent IrfanView from opening DWG files via file association changes
Use Windows Group Policy or registry to remove .dwg association with IrfanView
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of IrfanView
- Use sandboxing solutions to isolate IrfanView when opening untrusted files
🔍 How to Verify
Check if Vulnerable:
Check IrfanView Help > About dialog for plugin versions and compare with vendor advisory
Check Version:
Open IrfanView, go to Help > About, check plugin versions
Verify Fix Applied:
Verify CADImage plugin version matches or exceeds patched version from vendor advisory
📡 Detection & Monitoring
Log Indicators:
- IrfanView process crashes when opening DWG files
- Unusual process spawning from IrfanView executable
Network Indicators:
- Outbound connections from IrfanView process to unknown IPs following DWG file opening
SIEM Query:
Process Creation where Image contains 'i_view' AND CommandLine contains '.dwg'
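The SIEM query and the "unusual process spawning" indicator above, written out as detection logic over process-creation events. This is an added example, not part of the original advisory or any vendor tooling. It assumes events carry Sysmon Event ID 1 style fields (Image, CommandLine, ParentImage), matches the executable by base name (i_view32.exe / i_view64.exe) instead of the substring 'i_view', and requires .dwg to end a path so that names like notes.dwg.txt do not match. The sample events are constructed.

```python
import re

# Executable base name must be IrfanView (tighter than "contains 'i_view'").
IVIEW_RE = re.compile(r"(^|[\\/])i_view(32|64)?\.exe$", re.IGNORECASE)
# ".dwg" must end an argument: followed by a quote, whitespace or end of line.
DWG_RE = re.compile(r'\.dwg(?=["\s]|$)', re.IGNORECASE)

# Constructed sample events, modelled on Sysmon process-creation fields.
IV64 = r"C:\Program Files\IrfanView\i_view64.exe"
SAMPLE_EVENTS = [
    {"Image": IV64, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\Users\a\Downloads\plan.DWG"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": IV64,
     "CommandLine": "cmd.exe"},
    {"Image": IV64, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\Users\a\Pictures\cat.jpg"'},
    {"Image": IV64, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\Users\a\Documents\notes.dwg.txt"'},
]


def is_irfanview(path):
    """True when the path's base name is an IrfanView executable."""
    return bool(path) and IVIEW_RE.search(path) is not None


def classify(event):
    """Return the names of the rules this event matches."""
    hits = []
    cmdline = event.get("CommandLine") or ""
    # Rule 1: IrfanView started with a DWG file on its command line.
    if is_irfanview(event.get("Image")) and DWG_RE.search(cmdline):
        hits.append("irfanview_opened_dwg")
    # Rule 2: any other program started by IrfanView. The viewer can launch
    # external editors legitimately, so these hits need triage.
    if is_irfanview(event.get("ParentImage")) and not is_irfanview(event.get("Image")):
        hits.append("child_process_of_irfanview")
    return hits


def scan(events):
    """Return (index, matched rules) for every event that matched a rule."""
    return [(i, hits) for i, e in enumerate(events) if (hits := classify(e))]


if __name__ == "__main__":
    for index, rules in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["Image"], rules)
```

Rule 1 on its own records normal use of the viewer; it becomes useful when correlated with a crash or a rule 2 hit from the same process shortly afterwards.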