CVE-2025-7247

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of IrfanView with the CADImage plugin. Attackers can exploit this by tricking users into opening malicious DXF files or visiting malicious web pages. Users of IrfanView with the CADImage plugin are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Prior to the patched release
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed. User interaction needed (opening malicious file).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation leading to malware installation, data exfiltration, or persistence mechanisms being established on the compromised system.

🟢 If Mitigated

Limited impact due to application sandboxing or restricted user privileges, potentially resulting in application crash rather than code execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

User interaction is required (opening a malicious DXF file). ZDI has published an advisory, but no public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView website for latest version

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Visit https://www.irfanview.com/
2. Download latest version of IrfanView
3. Install update over existing installation
4. Verify CADImage plugin is updated

🔧 Temporary Workarounds

Disable CADImage Plugin

Platform: Windows

Remove or disable the vulnerable CADImage plugin from IrfanView

Navigate to IrfanView plugins directory and remove CADImage plugin files

Block DXF Files

Platform: Windows

Prevent IrfanView from opening DXF files via file association changes

Use Windows Settings > Apps > Default apps to change DXF file associations

🧯 If You Can't Patch

  • Restrict user privileges to limit impact of potential exploitation
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check IrfanView Help > About for version number and verify CADImage plugin is installed

Check Version:

irfanview.exe /?

Verify Fix Applied:

Verify that IrfanView is updated to the latest version, then attempt to open known safe DXF files.

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs with memory access violations
  • Unexpected process creation from IrfanView

Network Indicators:

  • Downloads of DXF files from untrusted sources
  • Outbound connections from IrfanView process

SIEM Query:

Process Creation where Image contains 'irfanview' AND ParentImage not contains 'explorer'
