CVE-2025-7268
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DXF files with IrfanView's CADImage plugin. The flaw exists in improper buffer validation during DXF parsing, enabling out-of-bounds reads that can lead to remote code execution. Users of IrfanView with the CADImage plugin are affected.
💻 Affected Systems
- IrfanView CADImage Plugin
📦 What is this software?
Cadimage by Cadsofttools
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Malware installation or data exfiltration when users open malicious DXF files from untrusted sources.
If Mitigated
Limited impact with proper application sandboxing and user privilege restrictions, potentially only causing application crashes.
🎯 Exploit Status
Exploitation requires user interaction: the user must open a malicious DXF file. The vulnerability is documented by ZDI (ZDI-CAN-26182), suggesting research exists.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Specific version unknown; check IrfanView updates
Vendor Advisory: https://www.irfanview.com/
Restart Required: Yes
Instructions:
1. Open IrfanView
2. Go to Help → Check for Updates
3. Download and install latest version
4. Restart IrfanView
🔧 Temporary Workarounds
Disable CADImage Plugin
Windows: Remove or disable the vulnerable CADImage plugin from IrfanView
Navigate to IrfanView plugins folder and remove or rename CADImage.dll
Change DXF File Association
Windows: Change default program for DXF files to a different application
Right-click DXF file → Open With → Choose Another App → Select different program
🧯 If You Can't Patch
- Run IrfanView with restricted user privileges (not as administrator)
- Implement application whitelisting to block IrfanView execution
🔍 How to Verify
Check if Vulnerable:
Check IrfanView version and verify if CADImage plugin is installed/enabled
Check Version:
Open IrfanView → Help → About IrfanView
Verify Fix Applied:
Confirm IrfanView is updated to latest version and CADImage plugin version is updated
📡 Detection & Monitoring
Log Indicators:
- IrfanView crash logs with memory access violations
- Unexpected IrfanView processes spawning child processes
Network Indicators:
- IrfanView making unexpected outbound connections after opening DXF files
SIEM Query:
Process Creation where Image contains 'i_view' AND Parent Process is user-initiated AND Command Line contains '.dxf'
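The two process-based indicators above (IrfanView started on a `.dxf` file, and IrfanView spawning child processes) can be correlated in a single pass over process-creation telemetry. This is an added example, not part of the advisory or any vendor tooling; the field names (`pid`, `ppid`, `image`, `cmdline`) and all sample records are constructed assumptions.

```python
import ntpath  # parses Windows paths correctly on any OS

# Constructed process-creation records in chronological order; the field
# names and every value are assumptions made for this example.
EVENTS = [
    {"pid": 4100, "ppid": 900, "image": r"C:\Program Files\IrfanView\i_view64.exe",
     "cmdline": r'i_view64.exe "C:\Users\a\Downloads\plan.dxf"'},
    {"pid": 4188, "ppid": 4100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe"},
    {"pid": 5200, "ppid": 900, "image": r"C:\Program Files\IrfanView\i_view64.exe",
     "cmdline": r'i_view64.exe "C:\Users\a\Pictures\cat.jpg"'},
    {"pid": 5260, "ppid": 5200, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
    {"pid": 6100, "ppid": 900, "image": r"C:\Program Files\IrfanView\i_view64.exe",
     "cmdline": r'i_view64.exe "C:\Users\a\Desktop\SITE.DXF"'},
]


def is_irfanview(event):
    """Image contains 'i_view', checked against the executable name only."""
    return "i_view" in ntpath.basename(event["image"]).lower()


def opened_dxf(event):
    """Command line contains '.dxf', case-insensitively."""
    return ".dxf" in event["cmdline"].lower()


def find_alerts(events):
    """Return (dxf_opens, child_spawns) for a chronological event list."""
    dxf_viewers = set()  # PIDs of IrfanView instances launched on a DXF file
    dxf_opens, child_spawns = [], []
    for ev in events:
        dxf_viewers.discard(ev["pid"])  # PID reused: the earlier process is gone
        if is_irfanview(ev) and opened_dxf(ev):
            dxf_viewers.add(ev["pid"])
            dxf_opens.append(ev["pid"])
        elif ev["ppid"] in dxf_viewers and not is_irfanview(ev):
            child = ntpath.basename(ev["image"])
            child_spawns.append((ev["ppid"], ev["pid"], child))
    return dxf_opens, child_spawns


if __name__ == "__main__":
    opens, spawns = find_alerts(EVENTS)
    print("IrfanView launched on DXF, PIDs:", opens)
    for parent, pid, child in spawns:
        print(f"ALERT: IrfanView PID {parent} spawned {child} (PID {pid})")
```

The `.dxf` command-line condition only sees files passed as an argument (double-click or Open With); a DXF opened from inside IrfanView through File → Open does not appear on the command line, so child-process alerts for that path need a rule that does not depend on it.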