CVE-2025-7257

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DXF files with IrfanView's CADImage plugin. The memory corruption flaw occurs during DXF file parsing due to insufficient input validation. Users of IrfanView with the vulnerable CADImage plugin are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Versions prior to the patched release (specific version unknown from provided data)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed. User must open a malicious DXF file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malicious actors distributing weaponized DXF files via email attachments or compromised websites to execute malware on target systems.

🟢 If Mitigated

Limited impact with proper application sandboxing, user awareness training, and file type restrictions that prevent untrusted DXF files from being opened.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

User interaction required (opening malicious file). ZDI-CAN-26126 tracking suggests active research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown from provided references - check IrfanView updates

Vendor Advisory: https://www.irfanview.com/

Restart Required: Yes

Instructions:

1. Open IrfanView
2. Go to Help > Check for Updates
3. Install latest version
4. Restart system

🔧 Temporary Workarounds

Disable CADImage Plugin (Windows)

Remove or disable the vulnerable plugin to prevent DXF file parsing.

Navigate to the IrfanView plugins folder and rename or remove the CADImage plugin file.

File Association Removal (Windows)

Remove the DXF file association with IrfanView.

Control Panel > Default Programs > Set Associations > Remove .DXF from IrfanView

🧯 If You Can't Patch

  • Implement application whitelisting to block IrfanView execution
  • Use email/web gateways to block DXF attachments and downloads

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version and plugin installation. Open IrfanView > Help > About to see version.

Check Version:

irfanview.exe /?

Verify Fix Applied:

Verify IrfanView is updated to latest version and CADImage plugin is either updated or removed.

📡 Detection & Monitoring

Log Indicators:

  • IrfanView process crashes when opening DXF files
  • Unusual child processes spawned from IrfanView

Network Indicators:

  • Downloads of DXF files from untrusted sources
  • Outbound connections from IrfanView process

SIEM Query:

(process_name:"i_view32.exe" OR process_name:"i_view64.exe") AND (file_extension:".dxf" OR child_process_creation)
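
The log indicators above, as an added Python example (not from the vendor or the original page): it flags IrfanView launches that carry a .dxf argument and correlates later child processes by parent PID, so a child spawned after a DXF open ranks higher than any other IrfanView child. The event records and field names (pid, ppid, image, command_line) are constructed for illustration; events are assumed to be in time order and PID reuse is ignored.

```python
import ntpath
import re

IRFANVIEW = {"i_view32.exe", "i_view64.exe"}  # process names used in the query above
DXF_ARG = re.compile(r'\.dxf(?=["\s]|$)', re.IGNORECASE)

# Constructed process-creation events; field names are assumptions, not a real log schema.
SAMPLE_EVENTS = [
    {"pid": 4100, "ppid": 900, "image": r"C:\Program Files\IrfanView\i_view64.exe",
     "command_line": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\Users\a\Downloads\plan.DXF"'},
    {"pid": 4188, "ppid": 4100, "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe"},
    {"pid": 5200, "ppid": 900, "image": r"C:\Program Files\IrfanView\i_view32.exe",
     "command_line": r'"C:\Program Files\IrfanView\i_view32.exe" "C:\Users\a\Pictures\cat.png"'},
    {"pid": 5301, "ppid": 5200, "image": r"C:\Windows\System32\mspaint.exe",
     "command_line": "mspaint.exe"},
    {"pid": 5400, "ppid": 900, "image": r"C:\Windows\notepad.exe",
     "command_line": r"notepad.exe C:\temp\notes.dxf"},
]

def is_irfanview(image_path):
    """True when the executable's file name is one of the IrfanView binaries."""
    return ntpath.basename(image_path).lower() in IRFANVIEW

def triage(events):
    """Return (severity, pid, reason) findings in event order."""
    viewers = set()      # PIDs of every IrfanView instance seen
    dxf_viewers = set()  # PIDs of IrfanView instances launched with a .dxf argument
    findings = []
    for ev in events:
        if is_irfanview(ev["image"]):
            viewers.add(ev["pid"])
            if DXF_ARG.search(ev["command_line"]):
                dxf_viewers.add(ev["pid"])
                findings.append(("info", ev["pid"], "IrfanView opened a DXF file"))
        elif ev["ppid"] in dxf_viewers:
            findings.append(("high", ev["pid"], "child process of IrfanView after DXF open"))
        elif ev["ppid"] in viewers:
            findings.append(("medium", ev["pid"], "child process of IrfanView"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```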
