CVE-2025-7278
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DXF files with IrfanView's CADImage plugin. Attackers can gain control of the affected system with the same privileges as the user running IrfanView. All users of IrfanView with the vulnerable CADImage plugin are affected.
💻 Affected Systems
- IrfanView CADImage Plugin
📦 What is this software?
Cadimage by Cadsofttools
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the victim's machine, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation leading to malware installation, credential theft, or system disruption for the affected user account.
If Mitigated
Limited impact if user runs with minimal privileges, but still potential for data loss or system disruption within user context.
🎯 Exploit Status
Requires user interaction (opening malicious file). Memory corruption vulnerabilities often have reliable exploitation paths once understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific version
Vendor Advisory: https://www.irfanview.com/
Restart Required: No
Instructions:
1. Visit https://www.irfanview.com/
2. Download latest version of IrfanView
3. Install update, which should include fixed CADImage plugin
4. Verify plugin version is updated
🔧 Temporary Workarounds
Disable CADImage Plugin
Windows: Remove or disable the vulnerable plugin to prevent DXF file parsing
Navigate to IrfanView plugins directory and remove or rename CADImage plugin file
Block DXF File Extensions
Windows: Prevent DXF files from being opened with IrfanView
Use Group Policy or registry to modify file associations for .dxf files
🧯 If You Can't Patch
- Implement application whitelisting to block IrfanView execution
- Use network segmentation to isolate systems running IrfanView from critical assets
🔍 How to Verify
Check if Vulnerable:
Check IrfanView Help > About dialog for version information and compare with vendor advisory
Check Version:
i_view64.exe /? (the executable is i_view32.exe on 32-bit installations)
Verify Fix Applied:
Verify IrfanView version is updated to patched version specified in vendor advisory
📡 Detection & Monitoring
Log Indicators:
- IrfanView process crashes when opening DXF files
- Unusual process creation from IrfanView executable
Network Indicators:
- Downloads of DXF files from untrusted sources
- Outbound connections from IrfanView process to unknown IPs
SIEM Query:
Process Creation where Image contains 'i_view' AND CommandLine contains '.dxf'
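The SIEM query and the "unusual process creation" indicator above can be combined into one triage pass. The following is an added example, not part of the original advisory: the field names follow Sysmon Event ID 1 (process creation), the sample events are constructed, and the severity labels are hypothetical.

```python
import ntpath

# Constructed events in time order; field names follow Sysmon Event ID 1.
IV = r"C:\Program Files\IrfanView\i_view64.exe"
SAMPLE_EVENTS = [
    {"ProcessGuid": "g1", "ParentProcessGuid": "g0", "Image": IV,
     "CommandLine": '"%s" "C:\\Users\\a\\Downloads\\plan.DXF"' % IV},
    {"ProcessGuid": "g2", "ParentProcessGuid": "g0", "Image": IV,
     "CommandLine": '"%s" "C:\\Users\\a\\Pictures\\cat.jpg"' % IV},
    {"ProcessGuid": "g3", "ParentProcessGuid": "g1",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c dir"},
    {"ProcessGuid": "g4", "ParentProcessGuid": "g2",
     "Image": r"C:\Windows\System32\mspaint.exe", "CommandLine": "mspaint.exe cat.jpg"},
    {"ProcessGuid": "g5", "ParentProcessGuid": "g0",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe notes.dxf.txt"},
]


def is_irfanview(image):
    """Match 'i_view' in the executable's base name (the page's query matches
    the whole Image path; the base name avoids hits on directory names)."""
    return "i_view" in ntpath.basename(image or "").lower()


def triage(events):
    """Return (ProcessGuid, severity, reason) for events matching the indicators."""
    viewers, dxf_viewers, findings = set(), set(), []
    for e in events:
        cmd = (e.get("CommandLine") or "").lower()
        guid, parent = e["ProcessGuid"], e.get("ParentProcessGuid")
        if is_irfanview(e.get("Image")):
            viewers.add(guid)
            if ".dxf" in cmd:  # the page's SIEM query
                dxf_viewers.add(guid)
                findings.append((guid, "info", "IrfanView opened a DXF file"))
        elif parent in dxf_viewers:  # child of an instance that opened a DXF
            findings.append((guid, "high", "child process of IrfanView after DXF open"))
        elif parent in viewers:  # child of any other IrfanView instance
            findings.append((guid, "low", "child process of IrfanView"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Correlating on ProcessGuid rather than on the parent image name separates children of the specific instance that parsed a DXF file from IrfanView's ordinary use of external editors.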