CVE-2025-7264
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious CGM files with IrfanView's CADImage plugin. Attackers can achieve remote code execution in the context of the current user process. Users of IrfanView with the vulnerable CADImage plugin are affected.
💻 Affected Systems
- IrfanView CADImage Plugin
📦 What is this software?
Cadimage by Cadsofttools
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via remote code execution leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Malware installation or data exfiltration when users open malicious CGM files received as email attachments or downloaded from untrusted sources.
If Mitigated
Limited impact with proper application sandboxing and user privilege restrictions, potentially only crashing the application.
🎯 Exploit Status
Exploitation requires user interaction to open malicious CGM file. The vulnerability is an out-of-bounds read that can lead to RCE.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown specific version - check vendor advisory
Vendor Advisory: https://www.irfanview.com/
Restart Required: No
Instructions:
1. Visit the official IrfanView website.
2. Download and install the latest version.
3. Ensure CADImage plugin is updated.
4. Verify CGM file parsing works correctly.
🔧 Temporary Workarounds
Disable CGM file association
Windows: Remove the CGM file type association with IrfanView to prevent automatic opening
Control Panel > Default Programs > Associate a file type or protocol with a program > Remove .cgm association with IrfanView
Block CGM files at perimeter
All platforms: Configure email and web gateways to block .cgm file attachments
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized execution
- Run IrfanView with restricted user privileges (non-admin account)
🔍 How to Verify
Check if Vulnerable:
Check IrfanView version and CADImage plugin version against vendor advisory
Check Version:
Open IrfanView > Help > About or check plugin manager for CADImage version
Verify Fix Applied:
Verify IrfanView and CADImage plugin are updated to latest versions from official source
📡 Detection & Monitoring
Log Indicators:
- IrfanView crash logs when opening CGM files
- Windows Application Error events related to IrfanView
Network Indicators:
- Downloads of .cgm files from untrusted sources
- Email attachments with .cgm extensions
SIEM Query:
(EventID=1000 OR EventID=1001) AND (ProcessName="i_view32.exe" OR ProcessName="i_view64.exe")
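
An added example (not part of the original advisory) that applies the intended filter, crash events 1000/1001 raised by the IrfanView binaries, to constructed event records and counts hits per host. It also shows what the same terms match when written without grouping, assuming AND binds tighter than OR; the `Host` field and every sample record are assumptions.

```python
from collections import Counter

# Process names and event IDs taken from the SIEM query on this page.
IRFANVIEW = {"i_view32.exe", "i_view64.exe"}
CRASH_IDS = {1000, 1001}

# Constructed sample records. EventID and ProcessName mirror the query's
# fields; Host is a hypothetical field added here for grouping.
EVENTS = [
    {"Host": "ws-01", "EventID": 1000, "ProcessName": "i_view64.exe"},
    {"Host": "ws-01", "EventID": 1001, "ProcessName": "i_view64.exe"},
    {"Host": "ws-02", "EventID": 1000, "ProcessName": "winword.exe"},
    {"Host": "ws-03", "EventID": 4688, "ProcessName": "i_view64.exe"},
    {"Host": "ws-04", "EventID": 1001, "ProcessName": "I_VIEW32.EXE"},
    {"Host": "ws-05", "EventID": 1001, "ProcessName": "chrome.exe"},
]


def grouped(event):
    """(EventID=1000 OR EventID=1001) AND (process is an IrfanView binary)."""
    # Windows file names are case-insensitive, so compare in lower case.
    return (event["EventID"] in CRASH_IDS
            and event["ProcessName"].lower() in IRFANVIEW)


def ungrouped(event):
    """The same four terms with no parentheses, AND evaluated before OR."""
    name = event["ProcessName"].lower()
    return (event["EventID"] == 1000
            or (event["EventID"] == 1001 and name == "i_view32.exe")
            or name == "i_view64.exe")


def crashes_by_host(events, predicate=grouped):
    """Count matching events per host so repeated crashes stand out."""
    return Counter(e["Host"] for e in events if predicate(e))


def false_positives(events):
    """Hosts flagged only because the terms were not grouped."""
    return [e["Host"] for e in events if ungrouped(e) and not grouped(e)]


if __name__ == "__main__":
    print("IrfanView crashes per host:", dict(crashes_by_host(EVENTS)))
    print("Extra hosts matched without grouping:", false_positives(EVENTS))
```
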