CVE-2025-7262
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The flaw exists in how the plugin parses DWG files, enabling attackers to read beyond allocated buffers and potentially gain control of the affected system. Users of IrfanView with the CADImage plugin installed are affected.
💻 Affected Systems
- IrfanView CADImage Plugin
📦 What is this software?
Cadimage by Cadsofttools
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Attacker executes code in the context of the current user, potentially installing malware, stealing credentials, or establishing persistence on the system.
If Mitigated
Limited impact due to proper file type restrictions, user awareness training, and application sandboxing preventing successful exploitation.
🎯 Exploit Status
Exploitation requires user interaction (opening a malicious file). The vulnerability is an out-of-bounds read that can lead to RCE, which suggests that moderate exploit development effort is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check IrfanView website for latest version with CADImage plugin updates
Vendor Advisory: https://www.irfanview.com/
Restart Required: No
Instructions:
1. Visit https://www.irfanview.com/
2. Download and install the latest version of IrfanView
3. Ensure CADImage plugin is updated to latest version
4. Verify plugin functionality with legitimate DWG files
🔧 Temporary Workarounds
Disable CADImage Plugin
Windows: Remove or disable the vulnerable CADImage plugin from IrfanView
Navigate to IrfanView plugins directory and remove or rename CADImage plugin files
Block DWG File Extensions
Windows: Prevent IrfanView from opening DWG files via file association changes
Use Windows Group Policy or registry to modify file associations for .dwg files
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of IrfanView
- Use email/web gateways to block DWG file attachments and downloads
- Deploy endpoint protection with exploit prevention capabilities
- Educate users about risks of opening untrusted DWG files
🔍 How to Verify
Check if Vulnerable:
Check IrfanView version and CADImage plugin version against vendor advisory. If using outdated versions, assume vulnerable.
Check Version:
Open IrfanView → Help → About → Check version information
Verify Fix Applied:
Verify IrfanView and CADImage plugin are updated to latest versions from official source. Test with legitimate DWG files to ensure functionality.
📡 Detection & Monitoring
Log Indicators:
- IrfanView crash logs when processing DWG files
- Windows Application Event Logs showing IrfanView exceptions
Network Indicators:
- Downloads of DWG files from untrusted sources
- Unusual outbound connections following DWG file opening
SIEM Query:
source="windows" AND (process="i_view64.exe" OR process="i_view32.exe") AND (event_id=1000 OR event_id=1001) AND file_extension=".dwg"
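The log indicators and query above, worked as an added Python example (not from the vendor or the original page): it pairs IrfanView crash events (1000/1001) with a preceding process start whose command line names a `.dwg` file on the same host. The normalized field names, the use of Sysmon Event ID 1 for process starts, the five-minute window and the sample events are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

IRFANVIEW = {"i_view64.exe", "i_view32.exe"}   # process names from the query above
CRASH_IDS = {1000, 1001}       # Application Error / Windows Error Reporting
PROC_START_ID = 1              # Sysmon process creation (assumed to be collected)
WINDOW = timedelta(minutes=5)  # assumed correlation window
DWG_ARG = re.compile(r'\.dwg(?=["\s]|$)', re.IGNORECASE)

# Constructed sample events; the field names are an assumed normalized schema.
SAMPLE_EVENTS = [
    {"ts": "2025-07-10T09:00:00", "host": "ws1", "event_id": 1, "process": "i_view64.exe",
     "command_line": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\Users\a\Downloads\plan.DWG"'},
    {"ts": "2025-07-10T09:00:04", "host": "ws1", "event_id": 1000, "process": "i_view64.exe"},
    # Crash with no preceding DWG open on this host: not reported.
    {"ts": "2025-07-10T09:30:00", "host": "ws2", "event_id": 1, "process": "i_view64.exe",
     "command_line": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\pics\cat.jpg"'},
    {"ts": "2025-07-10T09:30:02", "host": "ws2", "event_id": 1000, "process": "i_view64.exe"},
    # Crash two hours after the DWG open on ws1: outside WINDOW, not reported.
    {"ts": "2025-07-10T11:00:00", "host": "ws1", "event_id": 1001, "process": "I_VIEW32.EXE"},
]

def correlate(events):
    """Return (host, crash_ts, command_line) for each IrfanView crash that
    follows a DWG open on the same host within WINDOW."""
    last_dwg_open = {}  # host -> (time, command_line) of the latest DWG open
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        if ev["process"].lower() not in IRFANVIEW:
            continue
        when = datetime.fromisoformat(ev["ts"])
        if ev["event_id"] == PROC_START_ID:
            cmd = ev.get("command_line", "")
            if DWG_ARG.search(cmd):
                last_dwg_open[ev["host"]] = (when, cmd)
        elif ev["event_id"] in CRASH_IDS:
            opened = last_dwg_open.get(ev["host"])
            if opened and when - opened[0] <= WINDOW:
                alerts.append((ev["host"], ev["ts"], opened[1]))
    return alerts

if __name__ == "__main__":
    for host, ts, cmd in correlate(SAMPLE_EVENTS):
        print(f"{host} {ts} IrfanView crash after DWG open: {cmd}")
```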