CVE-2025-7282

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DXF files with IrfanView's CADImage plugin. Attackers can achieve full system compromise in the context of the current user. All users of IrfanView with the vulnerable CADImage plugin are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Prior to the patched release
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed. User must open a malicious DXF file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation, data exfiltration, or system disruption through crafted DXF files sent via email or downloaded from malicious websites.

🟢 If Mitigated

Limited impact due to user awareness training, application sandboxing, and network segmentation preventing successful exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

User interaction required (opening malicious file). Memory corruption vulnerability with reliable exploitation likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView website for latest version

Vendor Advisory: https://www.irfanview.com/

Restart Required: Yes

Instructions:

1. Visit https://www.irfanview.com/
2. Download latest version of IrfanView
3. Install update
4. Restart system

🔧 Temporary Workarounds

Disable CADImage Plugin (Windows)

Remove or disable the vulnerable CADImage plugin from the IrfanView installation.

Navigate to the IrfanView plugins directory and remove CADImage.dll or similar plugin files.

Block DXF File Association (Windows)

Prevent IrfanView from opening DXF files by default.

Control Panel > Default Programs > Associate a file type or protocol with a program > Change .dxf to open with a different application

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized IrfanView execution
  • Use email/web filtering to block DXF attachments and downloads from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check IrfanView Help > About for version number and compare with latest version on official website

Check Version:

irfanview.exe /?

Verify Fix Applied:

Verify IrfanView version matches or exceeds patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • IrfanView process crashes when opening DXF files
  • Unusual process spawning from IrfanView

Network Indicators:

  • Downloads of DXF files from suspicious sources
  • Outbound connections from IrfanView process

SIEM Query:

Process Creation where Image contains 'irfanview' AND Parent Process contains 'explorer'
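The two log indicators above can be triaged together by remembering which IrfanView processes were started on a .dxf file. The following Python sketch is an added example, not part of the original advisory: the events are constructed, the process-creation keys follow Sysmon Event ID 1, and the `AppPath`/`ProcessId` keys on the crash record, the `SHELLS` list and the severity scoring are assumptions of this example.

```python
import ntpath

# Constructed sample data. Keys follow Sysmon Event ID 1 (process creation);
# the EventID 1000 keys AppPath/ProcessId are assumed normalized names for the
# Windows "Application Error" record.
IV = r"C:\Program Files\IrfanView\i_view64.exe"
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
          "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

def proc(pid, ppid, image, parent, cmd=""):
    return {"EventID": 1, "ProcessId": pid, "ParentProcessId": ppid,
            "Image": image, "ParentImage": parent, "CommandLine": cmd}

SAMPLE = [
    proc(4120, 900, IV, r"C:\Windows\explorer.exe", IV + r" C:\Users\a\plan.dxf"),
    proc(5001, 4120, r"C:\Windows\System32\cmd.exe", IV),
    {"EventID": 1000, "ProcessId": 4120, "AppPath": IV},
    proc(4300, 900, IV, r"C:\Windows\explorer.exe", IV + r" C:\Users\a\cat.jpg"),
    proc(5002, 4300, r"C:\Windows\System32\mspaint.exe", IV),
]

def is_irfanview(path):
    # Same path match as the page's "Image contains 'irfanview'"
    return "irfanview" in path.lower()

def triage(events):
    """Return (severity, reason, pid) for the two log indicators above."""
    dxf_pids, alerts = set(), []   # dxf_pids: IrfanView started on a .dxf
    for ev in events:
        if ev["EventID"] == 1 and is_irfanview(ev["Image"]):
            if ".dxf" in ev["CommandLine"].lower():
                dxf_pids.add(ev["ProcessId"])
        elif ev["EventID"] == 1 and is_irfanview(ev["ParentImage"]):
            child = ntpath.basename(ev["Image"]).lower()
            # One point for a shell/script host, one for a DXF-opening parent
            score = (child in SHELLS) + (ev["ParentProcessId"] in dxf_pids)
            alerts.append((("low", "medium", "high")[score],
                           f"IrfanView spawned {child}", ev["ProcessId"]))
        elif ev["EventID"] == 1000 and is_irfanview(ev["AppPath"]):
            sev = "medium" if ev["ProcessId"] in dxf_pids else "low"
            alerts.append((sev, "IrfanView crashed", ev["ProcessId"]))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(alert)
```

The path match misses IrfanView copies installed outside a directory named IrfanView, and process IDs are reused over time, so a production rule should key on the process GUID and a bounded time window.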
