CVE-2025-7266

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DXF files with IrfanView's CADImage plugin. Attackers can gain control of the affected system through memory corruption. Users of IrfanView with the CADImage plugin installed are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Prior to the patched release
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the CADImage plugin to be installed and enabled in IrfanView. DXF file association with IrfanView increases risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's machine, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Malware installation or data exfiltration when users open malicious DXF files from untrusted sources like email attachments or downloaded files.

🟢 If Mitigated

Limited impact if users only open trusted DXF files and have proper endpoint protection, though risk remains for targeted attacks.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

User interaction required (opening malicious file). Memory corruption vulnerabilities in file parsers are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView website for latest CADImage plugin update

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Visit https://www.irfanview.com/
2. Download latest IrfanView version
3. Install or update CADImage plugin
4. Verify plugin is updated

🔧 Temporary Workarounds

Disable DXF file association (Windows)

Remove IrfanView as default handler for DXF files

Control Panel > Default Programs > Set Default Programs > Select IrfanView > Choose defaults > Uncheck .DXF

Remove CADImage plugin (Windows)

Temporarily remove vulnerable plugin until patched

Navigate to IrfanView plugins folder and delete or rename CADImage plugin file

🧯 If You Can't Patch

  • Implement application whitelisting to block IrfanView execution
  • Use email/web filtering to block DXF attachments and downloads

🔍 How to Verify

Check if Vulnerable:

Check IrfanView Help > About Plugins for CADImage plugin version

Check Version:

irfanview.exe /plugins

Verify Fix Applied:

Verify CADImage plugin version matches latest from vendor website

📡 Detection & Monitoring

Log Indicators:

  • IrfanView process spawning unexpected child processes
  • Multiple DXF file open attempts from same source

Network Indicators:

  • Outbound connections from IrfanView process to unknown IPs
  • Unusual network traffic following DXF file access

SIEM Query:

(process_name:"i_view32.exe" OR process_name:"i_view64.exe") AND (file_extension:".dxf" OR parent_process:"explorer.exe")
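
The first log indicator above (IrfanView spawning unexpected child processes) can be checked directly against process-creation telemetry. The following is an added example, not part of the original advisory: it assumes events carry the Sysmon Event ID 1 field names (`Image`, `ParentImage`, `CommandLine`, `ParentCommandLine`), and the allowlist and sample events are constructed for illustration.

```python
import ntpath
import re

IRFANVIEW_IMAGES = {"i_view32.exe", "i_view64.exe"}
# Assumption: children an image viewer may legitimately start; tune per environment.
EXPECTED_CHILDREN = {"i_view32.exe", "i_view64.exe", "splwow64.exe"}
# Matches a .dxf argument at a quote, whitespace or end of the command line.
DXF_ARG = re.compile(r'\.dxf(?=["\s]|$)', re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path (empty string if missing)."""
    return ntpath.basename(path or "").lower()

def suspicious_children(events):
    """Return alerts for processes started by IrfanView that are not allowlisted.

    Severity is 'high' when the IrfanView parent was launched on a DXF file,
    which is the file type handled by the CADImage plugin.
    """
    alerts = []
    for ev in events:
        if basename(ev.get("ParentImage")) not in IRFANVIEW_IMAGES:
            continue
        child = basename(ev.get("Image"))
        if child in EXPECTED_CHILDREN:
            continue
        parent_cmd = ev.get("ParentCommandLine") or ""
        alerts.append({
            "child": child,
            "command_line": ev.get("CommandLine", ""),
            "severity": "high" if DXF_ARG.search(parent_cmd) else "medium",
        })
    return alerts

IV64 = r"C:\Program Files\IrfanView\i_view64.exe"
# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": IV64, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{IV64}" "C:\\Users\\a\\Downloads\\plan.dxf"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": IV64,
     "CommandLine": "cmd.exe /c whoami",
     "ParentCommandLine": f'"{IV64}" "C:\\Users\\a\\Downloads\\plan.dxf"'},
    {"Image": r"C:\Windows\splwow64.exe",
     "ParentImage": r"C:\Program Files (x86)\IrfanView\i_view32.exe",
     "CommandLine": "splwow64.exe 8192", "ParentCommandLine": "i_view32.exe photo.jpg"},
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": IV64.upper(),
     "CommandLine": "notepad.exe", "ParentCommandLine": f'"{IV64}" photo.png'},
]

if __name__ == "__main__":
    for alert in suspicious_children(SAMPLE_EVENTS):
        print(alert)
```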
