CVE-2025-7284 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-7284?

CVE-2025-7284 has a CVSS score of 7.8 (HIGH). This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The memory corruption flaw occurs during DWG file parsing due to improper input validation. Users of IrfanView with the vulnerable CADImage plugin are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The memory corruption flaw occurs during DWG file parsing due to improper input validation. Users of IrfanView with the vulnerable CADImage plugin are affected.

💻 Affected Systems

Products:

IrfanView CADImage Plugin

Versions: Versions prior to patch

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires IrfanView with CADImage plugin installed. User interaction needed (opening malicious file).

📦 What is this software?

Cadimage by Cadsofttools

View all CVEs affecting Cadimage →

Cadimage by Cadsofttools

View all CVEs affecting Cadimage →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Malware installation or data exfiltration when users open malicious DWG files from untrusted sources.

🟢

If Mitigated

Limited impact with proper application whitelisting and user training preventing malicious file execution.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open malicious DWG file. No public exploit code available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView website for latest CADImage plugin update

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Visit IrfanView official website. 2. Download latest version of CADImage plugin. 3. Install update. 4. Verify plugin version is patched.

🔧 Temporary Workarounds

Disable CADImage Plugin

windows

Remove or disable the vulnerable CADImage plugin from IrfanView

Navigate to IrfanView plugins folder and remove CADImage.dll or rename to disable

File Association Removal

windows

Remove DWG file association with IrfanView

Control Panel > Default Programs > Set Associations > Remove .dwg from IrfanView

🧯 If You Can't Patch

Implement application whitelisting to block IrfanView execution
Use email/web filtering to block DWG attachments and educate users about file risks

🔍 How to Verify

Check if Vulnerable:

Check IrfanView > Help > About Plugins for CADImage plugin version

Check Version:

Not applicable - check via IrfanView GUI

Verify Fix Applied:

Verify CADImage plugin version matches latest patched version from vendor

📡 Detection & Monitoring

Log Indicators:

IrfanView process crashes when opening DWG files
Unusual child processes spawned from IrfanView

Network Indicators:

Outbound connections from IrfanView process to unknown IPs

SIEM Query:

Process Creation where ParentImage contains 'i_view' and CommandLine contains '.dwg'

📊 Metadata

CVE ID: CVE-2025-7284

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.06% exploit probability (17.1th percentile)

Published: July 21, 2025

Last Updated: July 25, 2025

🔗 References

https://www.zerodayinitiative.com/advisories/ZDI-25-536/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-7284, you might also want to check these: