CVE-2025-7290

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DXF files with IrfanView's CADImage plugin. Attackers can achieve remote code execution in the context of the current user process. Users of IrfanView with the CADImage plugin installed are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Versions prior to the fix (specific version not provided in advisory)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed. DXF file association may be configured to open with IrfanView.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation or data exfiltration when users open malicious DXF files from untrusted sources.

🟢 If Mitigated

Limited impact if proper application whitelisting and user education prevent execution of malicious files.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but DXF files could be delivered via email or web downloads.
🏢 Internal Only: MEDIUM - Similar risk internally if users open malicious files from network shares or email attachments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

User interaction required (opening malicious file). Memory corruption vulnerability with potential for reliable exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView updates or CADImage plugin updates

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Open IrfanView
2. Go to Help > Check for Updates
3. Install any available updates
4. Alternatively, download latest version from official website

🔧 Temporary Workarounds

Disable DXF file association (Windows)

Remove IrfanView as the default handler for DXF files:

Control Panel > Default Programs > Set Associations > Find .DXF > Change program

Uninstall CADImage plugin (Windows)

Remove the vulnerable plugin component:

Control Panel > Programs > Uninstall a program > Find IrfanView CADImage Plugin

🧯 If You Can't Patch

  • Implement application whitelisting to block IrfanView execution
  • Educate users not to open DXF files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check IrfanView Help > About for version and plugin information

Check Version:

irfanview.exe /?

Verify Fix Applied:

Verify IrfanView and plugins are updated to latest versions

📡 Detection & Monitoring

Log Indicators:

  • IrfanView process crashes when opening DXF files
  • Unexpected child processes spawned from IrfanView

Network Indicators:

  • Outbound connections from IrfanView process to suspicious IPs

SIEM Query:

Process Creation where Image contains 'i_view' and CommandLine contains '.dxf'
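
The two process indicators above (IrfanView started on a DXF file, and child processes spawned from IrfanView) can be correlated so that a child of the instance that opened a DXF file ranks higher. This is an added example, not part of the original advisory; field names follow Sysmon Event ID 1, and the events, GUIDs, paths and severity labels are constructed assumptions.

```python
import ntpath

# Constructed events shaped like Sysmon Event ID 1 (process creation), oldest first.
# GUIDs, paths and file names are made up for this example.
IV = r"C:\Program Files\IrfanView\i_view64.exe"
EVENTS = [
    {"ProcessGuid": "{A1}", "Image": IV, "CommandLine": IV + r' "C:\Users\a\Downloads\plan.DXF"',
     "ParentProcessGuid": "{E0}", "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessGuid": "{A2}", "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe",
     "ParentProcessGuid": "{A1}", "ParentImage": IV},
    {"ProcessGuid": "{B1}", "Image": IV, "CommandLine": IV + r' "C:\Users\a\Pictures\cat.jpg"',
     "ParentProcessGuid": "{E0}", "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessGuid": "{B2}", "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe",
     "ParentProcessGuid": "{B1}", "ParentImage": IV},
]


def is_irfanview(image):
    """Match 'i_view' as in the SIEM query, but only in the file name and case-insensitively."""
    return "i_view" in ntpath.basename(image).lower()


def detect(events):
    """Return (rule, severity, ProcessGuid) tuples for the page's two process indicators."""
    dxf_sessions = set()  # ProcessGuids of IrfanView instances started on a .dxf file
    alerts = []
    for ev in events:
        if is_irfanview(ev["Image"]) and ".dxf" in ev["CommandLine"].lower():
            dxf_sessions.add(ev["ProcessGuid"])
            alerts.append(("dxf_open", "info", ev["ProcessGuid"]))
        # A child of IrfanView that is not IrfanView itself (assumption: self-spawns are expected).
        if is_irfanview(ev["ParentImage"]) and not is_irfanview(ev["Image"]):
            # Escalate when the parent instance is one that was started on a DXF file.
            sev = "high" if ev["ParentProcessGuid"] in dxf_sessions else "medium"
            alerts.append(("child_process", sev, ev["ProcessGuid"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Correlating on ProcessGuid rather than ProcessId avoids false matches when Windows reuses a PID.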
