CVE-2025-7292

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DXF files with IrfanView's CADImage plugin. Attackers can gain control of affected systems through memory corruption during DXF file parsing. Users of IrfanView with the CADImage plugin installed are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Versions prior to patch
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed. User interaction needed (opening malicious file).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's machine, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Malware installation or data exfiltration from individual user workstations where users open malicious DXF files from untrusted sources.

🟢 If Mitigated

Limited impact with proper application whitelisting and user training preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious file. Memory corruption vulnerability with potential for reliable exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView updates for CADImage plugin fix

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Open IrfanView
2. Go to Help > Check for Updates
3. Install available updates
4. Verify CADImage plugin is updated

🔧 Temporary Workarounds

Disable CADImage Plugin

windows

Remove or disable the vulnerable CADImage plugin from IrfanView

Navigate to the IrfanView plugins folder and remove CADImage.dll, or rename it to disable the plugin

Block DXF File Association

windows

Prevent IrfanView from opening DXF files by default

Control Panel > Default Programs > Associate a file type or protocol with a program > Change .dxf association

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized IrfanView execution
  • Educate users about risks of opening untrusted DXF files and implement email filtering for attachments

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version and CADImage plugin version against patched versions from vendor advisory

Check Version:

Open IrfanView > Help > About IrfanView

Verify Fix Applied:

Verify IrfanView and CADImage plugin are updated to latest versions from official source

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs with memory access violations
  • Windows Application Event Logs showing IrfanView crashes

Network Indicators:

  • Unusual outbound connections from IrfanView process
  • Downloads of DXF files from untrusted sources

SIEM Query:

Process Creation where Image contains 'i_view' AND CommandLine contains '.dxf'
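As an added example (not part of the original advisory or of any vendor tooling), the sketch below applies the SIEM condition above and raises the severity when an IrfanView crash follows on the same host, tying it to the crash indicators listed under Log Indicators. The event records, field names, host names and the 60-second window are constructed assumptions; map them to your own telemetry schema.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Field names are assumptions
# loosely modelled on process-creation and application-crash records.
EVENTS = [
    {"type": "process_create", "time": "2025-07-10T09:00:00", "host": "ws1",
     "image": r"C:\Program Files\IrfanView\i_view64.exe",
     "command_line": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\Users\a\Downloads\plan.DXF"'},
    {"type": "app_crash", "time": "2025-07-10T09:00:04", "host": "ws1",
     "faulting_app": "i_view64.exe", "exception_code": "0xc0000005"},
    # Crash while viewing a JPEG: outside the scope of this DXF rule.
    {"type": "process_create", "time": "2025-07-10T09:05:00", "host": "ws2",
     "image": r"C:\Program Files\IrfanView\i_view64.exe",
     "command_line": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\pics\cat.jpg"'},
    {"type": "app_crash", "time": "2025-07-10T09:05:02", "host": "ws2",
     "faulting_app": "i_view64.exe", "exception_code": "0xc0000005"},
    # DXF opened without a crash: still worth a low-severity record.
    {"type": "process_create", "time": "2025-07-10T09:10:00", "host": "ws3",
     "image": r"C:\Tools\IrfanView\i_view32.exe",
     "command_line": r"i_view32.exe C:\cad\site.dxf"},
]

def opens_dxf(ev):
    """The page's condition: Image contains 'i_view' AND CommandLine contains '.dxf'.
    Compared case-insensitively, since Windows paths and extensions are."""
    return (ev["type"] == "process_create"
            and "i_view" in ev["image"].lower()
            and ".dxf" in ev["command_line"].lower())

def triage(events, window=timedelta(seconds=60)):
    """Return (host, time, severity) per IrfanView DXF open. Severity is 'high'
    when an IrfanView crash follows on the same host within the window."""
    crashes = [(e["host"], datetime.fromisoformat(e["time"])) for e in events
               if e["type"] == "app_crash" and "i_view" in e["faulting_app"].lower()]
    alerts = []
    for ev in filter(opens_dxf, events):
        opened = datetime.fromisoformat(ev["time"])
        crashed = any(host == ev["host"] and timedelta(0) <= when - opened <= window
                      for host, when in crashes)
        alerts.append((ev["host"], ev["time"], "high" if crashed else "low"))
    return alerts

if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```

Low-severity hits are ordinary DXF viewing on a host that still has the plugin; they are useful mainly as an inventory of where the workaround or update has not yet been applied.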
