CVE-2025-7244

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The memory corruption flaw occurs during DWG file parsing due to insufficient input validation. Users of IrfanView with the vulnerable CADImage plugin are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Prior to the fix (specific version unknown from provided data)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed. User interaction needed to open malicious DWG file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation or data exfiltration through spear-phishing campaigns targeting users who regularly handle CAD files.

🟢 If Mitigated

No impact if users avoid opening untrusted DWG files or if the plugin is disabled/removed.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). The vulnerability is memory corruption-based, which typically requires some exploit development.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown from provided references - check IrfanView updates

Vendor Advisory: https://www.irfanview.com/

Restart Required: Yes

Instructions:

1. Open IrfanView
2. Go to Help > Check for Updates
3. Download and install latest version
4. Restart IrfanView

🔧 Temporary Workarounds

Disable CADImage Plugin (Windows)

Remove or disable the vulnerable plugin to prevent exploitation:

Navigate to the IrfanView plugins folder and remove or rename CADImage.dll

Block DWG File Extensions (Windows)

Prevent IrfanView from opening DWG files by changing the file association:

Control Panel > Default Programs > Set Associations > change .dwg to open with a different application

🧯 If You Can't Patch

  • Implement application whitelisting to block IrfanView execution
  • Use email/web filtering to block DWG attachments from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version and plugin version in Help > About dialog

Check Version:

irfanview.exe /?

Verify Fix Applied:

Verify IrfanView is updated to latest version and CADImage plugin is updated or removed

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs with memory access violations
  • Unexpected IrfanView processes spawning child processes

Network Indicators:

  • Outbound connections from IrfanView process to suspicious IPs

SIEM Query:

Process Creation where Image contains 'irfanview' AND ParentImage contains 'explorer'
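
The query above matches IrfanView being started from Explorer; the child-process indicator listed under Log Indicators needs the parent side checked as well. The following is an added example, not part of the original advisory or any vendor tooling: it triages process-creation events and raises the severity when the IrfanView parent was launched on a .dwg file. The events are constructed, the field names assume Sysmon Event ID 1 records, and the install path is an assumption.

```python
import ntpath

# Real IrfanView binaries are i_view32.exe / i_view64.exe; the "irfanview"
# substring test mirrors the page's SIEM query. Fields follow Sysmon Event ID 1.
IRFANVIEW_EXES = {"i_view32.exe", "i_view64.exe"}

def is_irfanview(image):
    image = (image or "").lower()
    return ntpath.basename(image) in IRFANVIEW_EXES or "irfanview" in image

def triage(events):
    """Walk process-creation events in order; return (pid, severity, reason) alerts."""
    dwg_viewers = set()  # PIDs of IrfanView instances launched on a .dwg file
    alerts = []
    for ev in events:
        image, parent = ev.get("Image"), ev.get("ParentImage")
        cmdline = (ev.get("CommandLine") or "").lower()
        # Context: IrfanView opened a DWG, so the CADImage parser was exercised.
        if is_irfanview(image) and ".dwg" in cmdline:
            dwg_viewers.add(ev["ProcessId"])
        # Page indicator: IrfanView spawning a child process.
        if is_irfanview(parent) and not is_irfanview(image):
            after_dwg = ev.get("ParentProcessId") in dwg_viewers
            alerts.append((ev["ProcessId"], "high" if after_dwg else "medium",
                           "IrfanView child after DWG open" if after_dwg
                           else "IrfanView child process"))
    return alerts

IV = r"C:\Program Files\IrfanView\i_view64.exe"  # assumed install path
SAMPLE_EVENTS = [  # constructed events, not real telemetry
    {"ProcessId": 4100, "ParentProcessId": 900, "Image": IV,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"i_view64.exe" "C:\Users\a\Downloads\plan.dwg"'},
    {"ProcessId": 4200, "ParentProcessId": 4100, "ParentImage": IV,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"ProcessId": 5100, "ParentProcessId": 900, "Image": IV,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"i_view64.exe" "C:\Users\a\Pictures\scan.jpg"'},
    {"ProcessId": 5200, "ParentProcessId": 5100, "ParentImage": IV,
     "Image": r"C:\Windows\System32\mspaint.exe", "CommandLine": "mspaint.exe"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

On real Sysmon data, correlate on ProcessGuid/ParentProcessGuid instead of ProcessId, since PIDs are reused. A DWG opened from inside IrfanView (File > Open) never appears in the command line, so medium alerts still deserve review.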
