CVE-2025-7249

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The memory corruption flaw in DWG parsing can lead to complete system compromise. All users of IrfanView with the vulnerable CADImage plugin are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Prior to the patched release (specific version TBD from vendor advisory)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed. User must open a malicious DWG file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Malicious actors distributing weaponized DWG files via email or websites to execute malware on victim systems, leading to credential theft or backdoor installation.

🟢 If Mitigated

Limited impact with proper application whitelisting and user training preventing successful exploitation attempts.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

User interaction required (opening malicious file). Memory corruption vulnerabilities in file parsers are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView website for latest CADImage plugin update

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Visit https://www.irfanview.com/
2. Download latest IrfanView version
3. Install update
4. Verify CADImage plugin is updated

🔧 Temporary Workarounds

Disable CADImage Plugin (Windows)

Remove or disable the vulnerable CADImage plugin from IrfanView.

Navigate to the IrfanView plugins folder and remove CADImage.dll, or rename it to disable it.

Block DWG File Association (Windows)

Prevent IrfanView from opening DWG files by default.

Control Panel > Default Programs > Associate a file type > Change .dwg to open with a different application

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of IrfanView
  • Use email/web filtering to block DWG attachments and downloads

🔍 How to Verify

Check if Vulnerable:

Check IrfanView Help > About dialog for version and plugin information

Check Version:

irfanview.exe /?

Verify Fix Applied:

Verify IrfanView and CADImage plugin versions match latest patched releases from vendor

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs with memory access violations
  • Windows Application Event Logs showing IrfanView crashes

Network Indicators:

  • DWG file downloads from suspicious sources
  • Outbound connections from IrfanView process post-DWG file opening

SIEM Query:

Process:irfanview.exe AND (FileExtension:.dwg OR Crash OR MemoryAccessViolation)
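
The crash indicators above can be checked on a single host without a SIEM. The PowerShell below is an added example, not vendor or advisory code: it reads Application Error events (Event ID 1000) and flags IrfanView crashes that faulted in the CADImage module with an access violation. Assumptions: the executable names i_view32.exe and i_view64.exe (the page itself names irfanview.exe), the 30-day window, and the hypothetical helper name Select-IrfanViewCrash.

```powershell
# Added example: hunt for IrfanView crashes in the Windows Application log.
# Assumed names: 'irfanview.exe' is the name used on this page; 'i_view32.exe'
# and 'i_view64.exe' are assumed install names. Adjust to your environment.
$AppNames        = 'irfanview.exe', 'i_view32.exe', 'i_view64.exe'
$AccessViolation = 'c0000005'   # STATUS_ACCESS_VIOLATION as recorded in Event ID 1000

function Select-IrfanViewCrash {
    # Hypothetical helper: keeps only crash records whose faulting application
    # is IrfanView and annotates whether the CADImage module was involved.
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        # Event ID 1000 EventData order: [0] application name,
        # [3] faulting module name, [6] exception code.
        $p = $Record.Properties
        if ($p.Count -lt 7) { return }
        $app = [string]$p[0].Value
        if ($AppNames -notcontains $app) { return }   # comparison is case-insensitive
        $module = [string]$p[3].Value
        $code   = [string]$p[6].Value
        [pscustomobject]@{
            TimeCreated     = $Record.TimeCreated
            Application     = $app
            FaultingModule  = $module
            ExceptionCode   = $code
            InCadPlugin     = $module -like 'CADImage*'
            AccessViolation = $code -eq $AccessViolation
        }
    }
}

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-30)   # assumed look-back window
}

# SilentlyContinue suppresses the "no events found" error on clean hosts.
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-IrfanViewCrash |
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize
```

Rows where both InCadPlugin and AccessViolation are True are the ones worth correlating with recently opened .dwg files on that host.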
