CVE-2025-7286

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DXF files with IrfanView's CADImage plugin. The memory corruption flaw in DXF file parsing can lead to complete system compromise. Users of IrfanView with the CADImage plugin installed are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Versions prior to patch
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the CADImage plugin to be installed and user interaction to open a malicious DXF file

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malicious actors distributing weaponized DXF files via email or websites to execute malware on victim systems.

🟢 If Mitigated

Limited impact if users don't open untrusted DXF files and the plugin is disabled or removed.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

User interaction is required (opening a malicious file), but exploitation is straightforward once the file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView updates for CADImage plugin fix

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Open IrfanView
2. Go to Help > Check for Updates
3. Install all available updates
4. Verify CADImage plugin is updated

🔧 Temporary Workarounds

Disable CADImage Plugin

Platform: Windows

Remove or disable the vulnerable plugin to prevent exploitation.

Navigate to the IrfanView plugins folder and rename or remove the CADImage plugin files.

Block DXF File Extensions

Platform: Windows

Prevent DXF files from being opened with IrfanView.

Use Group Policy or the registry to modify file associations.

🧯 If You Can't Patch

  • Disable CADImage plugin completely
  • Implement application whitelisting to block IrfanView execution
  • Educate users not to open DXF files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version and CADImage plugin version against patched versions

Check Version:

Open IrfanView > Help > About

Verify Fix Applied:

Verify IrfanView and CADImage plugin are updated to latest versions

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs with memory access violations
  • Unexpected IrfanView processes spawning child processes

Network Indicators:

  • Outbound connections from IrfanView process to suspicious IPs

SIEM Query:

Process Creation where Parent Process Name contains 'i_view' AND Command Line contains '.dxf'
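
The SIEM query and the child-process log indicator above, written out as detection logic over process-creation events. This is an added example, not part of the original advisory. It assumes Sysmon Event ID 1 field names (`Image`, `ParentImage`, `ParentCommandLine`), assumes the `.dxf` match applies to the IrfanView parent's command line, and goes slightly beyond the query by matching only the executable's file name and by ranking hits; the sample events are constructed.

```python
import ntpath
import re

# A .dxf path ending inside a command line (quoted or not), case-insensitive.
# The lookahead keeps names such as "part.dxf.bak" from matching.
DXF_ARG = re.compile(r'\.dxf(?=["\s]|$)', re.IGNORECASE)


def is_irfanview(image_path):
    """True when the executable's file name (not its directory) contains 'i_view'."""
    return "i_view" in ntpath.basename(image_path or "").lower()


def classify(event):
    """Return 'high', 'medium' or None for one process-creation event."""
    if not is_irfanview(event.get("ParentImage")):
        return None
    # IrfanView spawning any child matches the log indicator; a parent that
    # was opened on a DXF file also matches the SIEM query and ranks higher.
    if DXF_ARG.search(event.get("ParentCommandLine") or ""):
        return "high"
    return "medium"


def triage(events):
    """Return (severity, child image) pairs for events worth reviewing."""
    scored = ((classify(ev), ev.get("Image", "")) for ev in events)
    return [(sev, img) for sev, img in scored if sev]


# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\IrfanView\i_view64.exe",
     "ParentCommandLine": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\Users\a\Downloads\plan.DXF"'},
    {"Image": r"C:\Windows\System32\splwow64.exe",
     "ParentImage": r"C:\Program Files\IrfanView\i_view32.exe",
     "ParentCommandLine": r'"C:\Program Files\IrfanView\i_view32.exe" C:\pics\cat.jpg'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\tools\i_view_backup\explorer.exe",
     "ParentCommandLine": r"explorer.exe C:\cad\part.dxf"},
]

if __name__ == "__main__":
    for severity, child in triage(SAMPLE_EVENTS):
        print(severity, child)
```

The third sample event shows why the match is on the file name: a directory that merely contains `i_view` would otherwise produce a false positive.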
