CVE-2025-7255

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The flaw exists in how the plugin parses DWG files, leading to memory corruption. Users of IrfanView with the CADImage plugin installed are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Prior to the fix
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed and configured to handle DWG files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation or data exfiltration when users open malicious DWG files from untrusted sources.

🟢 If Mitigated

Limited impact if users only open trusted files and have proper endpoint protection.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious file. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView updates or plugin updates

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Open IrfanView
2. Go to Help > Check for Updates
3. Install any available updates
4. Verify CADImage plugin is updated

🔧 Temporary Workarounds

Disable DWG file association

Prevent IrfanView from automatically opening DWG files

Control Panel > Default Programs > Associate a file type or protocol with a program > Change .dwg to open with different application

Remove CADImage plugin

Temporarily remove the vulnerable plugin

Delete or rename the CADImage plugin DLL file in the IrfanView plugins folder

🧯 If You Can't Patch

  • Implement application whitelisting to block IrfanView execution
  • Use endpoint protection with memory corruption detection

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version and CADImage plugin version against patched versions

Check Version:

Open IrfanView > Help > About

Verify Fix Applied:

Verify IrfanView and CADImage plugin are updated to latest versions

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs when processing DWG files
  • Unexpected IrfanView process spawning child processes

Network Indicators:

  • Downloads of DWG files from untrusted sources

SIEM Query:

Process Creation where Image contains 'i_view' AND ParentImage contains 'explorer'
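
The two log indicators above combined into one check, as an added example that is not part of the original advisory: it flags processes whose parent is IrfanView and raises the severity when that IrfanView instance was started on a .dwg file. It assumes Sysmon Event ID 1 field names and the executable names i_view32.exe / i_view64.exe; the sample events are constructed.

```python
import ntpath
import re

# IrfanView's executables are i_view32.exe / i_view64.exe (assumed names;
# the advisory's own query only matches the substring 'i_view').
IRFANVIEW = re.compile(r"^i_view(32|64)?\.exe$", re.IGNORECASE)
DWG_ARG = re.compile(r"\.dwg\b", re.IGNORECASE)


def is_irfanview(image_path):
    return bool(IRFANVIEW.match(ntpath.basename(image_path or "")))


def find_suspicious_children(events):
    """Flag processes spawned by IrfanView; 'high' if that instance opened a DWG."""
    dwg_sessions = set()  # ProcessGuids of IrfanView instances started on a .dwg
    alerts = []
    for ev in events:  # assumed to be in chronological order
        if is_irfanview(ev["Image"]):
            if DWG_ARG.search(ev.get("CommandLine", "")):
                dwg_sessions.add(ev["ProcessGuid"])
            continue  # IrfanView relaunching itself is not a child of interest
        if is_irfanview(ev.get("ParentImage")):
            guid = ev["ParentProcessGuid"]
            alerts.append({
                "child": ntpath.basename(ev["Image"]),
                "severity": "high" if guid in dwg_sessions else "medium",
            })
    return alerts


IV = r"C:\Program Files\IrfanView\i_view64.exe"
EXPLORER = r"C:\Windows\explorer.exe"
# Constructed sample events (not real telemetry), Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"ProcessGuid": "{A1}", "ParentProcessGuid": "{E0}", "Image": IV,
     "ParentImage": EXPLORER, "CommandLine": r'i_view64.exe "C:\Users\a\Downloads\plan.DWG"'},
    {"ProcessGuid": "{A2}", "ParentProcessGuid": "{A1}", "ParentImage": IV,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"ProcessGuid": "{B1}", "ParentProcessGuid": "{E0}", "Image": IV,
     "ParentImage": EXPLORER, "CommandLine": r'i_view64.exe "C:\Users\a\Pictures\photo.jpg"'},
    {"ProcessGuid": "{B2}", "ParentProcessGuid": "{B1}", "ParentImage": IV,
     "Image": r"C:\Windows\System32\mspaint.exe", "CommandLine": "mspaint.exe photo.jpg"},
    {"ProcessGuid": "{C1}", "ParentProcessGuid": "{E0}", "ParentImage": EXPLORER,
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    print(find_suspicious_children(SAMPLE_EVENTS))
```

IrfanView can legitimately start helper programs such as an external editor, so "medium" alerts are triage candidates rather than confirmed incidents.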
