CVE-2025-7288

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DXF files with IrfanView's CADImage plugin. Attackers can gain control of the affected system through memory corruption in the DXF parsing component. Users of IrfanView with the CADImage plugin installed are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Prior to the patched release (specific version unknown from provided data)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the CADImage plugin to be installed and DXF files to be associated with IrfanView

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the user's system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation leading to malware installation, credential theft, or system disruption for the affected user account.

🟢 If Mitigated

Limited impact through application sandboxing or restricted user privileges, potentially causing application crashes but no code execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening a malicious file), but the flaw is a memory corruption bug, which facilitates exploit development.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown from provided references - check vendor advisory

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Visit the official IrfanView website
2. Download the latest version
3. Install the update
4. Verify CADImage plugin is updated

🔧 Temporary Workarounds

Disable DXF file association

windows

Remove IrfanView as the default handler for DXF files to prevent automatic opening

Control Panel > Default Programs > Set Associations > Find .DXF > Change to another program

Remove CADImage plugin

windows

Temporarily remove the vulnerable plugin until patched

Navigate to IrfanView plugins folder and remove CADImage plugin files

🧯 If You Can't Patch

  • Implement application whitelisting to block IrfanView execution
  • Use network segmentation to isolate systems running IrfanView from critical assets

🔍 How to Verify

Check if Vulnerable:

Check IrfanView Help > About dialog for version and plugin information

Check Version:

irfanview.exe /?

Verify Fix Applied:

Verify installed version matches or exceeds patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs with memory access violations
  • Unexpected IrfanView process spawning child processes

Network Indicators:

  • Outbound connections from IrfanView process to unknown IPs

SIEM Query:

Process Creation where Image contains 'i_view' AND ParentImage contains 'explorer'
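
The SIEM query and the child-process log indicator above, applied to process-creation events, as an added example that is not part of the original page. It assumes events carry the Sysmon Event ID 1 fields Image, ParentImage and CommandLine; the sample events, install path and tag names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample events (Sysmon Event ID 1 field names); not real telemetry.
EVENTS = [
    {"Image": r"C:\Program Files\IrfanView\i_view64.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\Users\a\Downloads\plan.dxf"'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\IrfanView\i_view64.exe",
     "CommandLine": r"cmd.exe /c ver"},
    {"Image": r"C:\Program Files\IrfanView\i_view64.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\Users\a\Pictures\cat.png"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"notepad.exe notes.txt"},
]

# Matches a .dxf file argument, quoted or not.
DXF_ARG = re.compile(r'\.dxf(?=["\s]|$)', re.IGNORECASE)

def exe_name(path):
    """Lower-cased file name of a Windows path, regardless of host OS."""
    return ntpath.basename(path or "").lower()

def is_irfanview(path):
    return "i_view" in exe_name(path)

def classify(event):
    """Return the indicator tags that apply to one process-creation event."""
    tags = []
    image, parent = event.get("Image"), event.get("ParentImage")
    # Page's SIEM query, narrowed to launches whose command line names a DXF file.
    if (is_irfanview(image) and "explorer" in exe_name(parent)
            and DXF_ARG.search(event.get("CommandLine", ""))):
        tags.append("dxf_opened_from_explorer")
    # Page's log indicator: IrfanView as the parent of a different program.
    if is_irfanview(parent) and not is_irfanview(image):
        tags.append("irfanview_spawned_child")
    return tags

def triage(events):
    """Pair each flagged event's tags with the image that was started."""
    return [(tag, exe_name(e["Image"])) for e in events for tag in classify(e)]

if __name__ == "__main__":
    for tag, image in triage(EVENTS):
        print(f"{tag}: {image}")
```

Narrowing the Explorer-launch rule to DXF arguments keeps ordinary image viewing out of the results, while the child-process rule stays independent of file type.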
