CVE-2025-7296
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of IrfanView with the CADImage plugin. Attackers can exploit this by tricking users into opening malicious DXF files or visiting malicious web pages. The vulnerability affects IrfanView users who have the CADImage plugin installed.
💻 Affected Systems
- IrfanView CADImage Plugin
📦 What is this software?
Cadimage by Cadsofttools
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local user account compromise leading to data exfiltration, credential theft, or installation of additional malware on the affected system.
If Mitigated
Limited impact with proper application sandboxing and user privilege restrictions, potentially resulting in application crash only.
🎯 Exploit Status
Requires user interaction to open malicious file. Memory corruption vulnerabilities in file parsers are commonly exploited.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check IrfanView website for latest version
Vendor Advisory: https://www.irfanview.com/
Restart Required: No
Instructions:
1. Visit https://www.irfanview.com/
2. Download and install the latest version of IrfanView
3. Ensure the CADImage plugin is updated to the latest version
4. Verify installation completes successfully
🔧 Temporary Workarounds
Disable DXF file association
Windows: Remove IrfanView as default handler for DXF files to prevent automatic opening
Control Panel > Default Programs > Set Associations > Find .DXF > Change program
Remove CADImage plugin
Windows: Temporarily remove the vulnerable plugin until patched
Navigate to IrfanView plugins folder and remove or rename CADImage plugin files
🧯 If You Can't Patch
- Implement application whitelisting to block IrfanView execution
- Use endpoint protection with memory corruption exploit prevention
🔍 How to Verify
Check if Vulnerable:
Check IrfanView Help > About for version number and verify CADImage plugin is installed
Check Version:
irfanview.exe /?
Verify Fix Applied:
Verify the IrfanView version is updated to the latest release and the CADImage plugin version matches the vendor recommendation
📡 Detection & Monitoring
Log Indicators:
- IrfanView process crashes when opening DXF files
- Unusual child processes spawned from IrfanView
Network Indicators:
- Outbound connections from IrfanView process to unknown IPs
SIEM Query:
Process Creation where Image contains 'i_view' and CommandLine contains '.dxf'
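Added example (not from the vendor or the original page): the SIEM query above and the "unusual child processes" indicator, applied to process-creation events. The Sysmon-style field names (Image, CommandLine, ParentImage), the expected_children allowlist and the sample events are assumptions constructed for illustration.

```python
# Added example: field names follow Sysmon Event ID 1 (an assumption);
# SAMPLE_EVENTS is constructed data, not real telemetry.
from ntpath import basename  # Windows path rules on any host OS


def is_irfanview(image):
    """Page's match: executable file name contains 'i_view'."""
    return "i_view" in basename(image or "").lower()


def triage(events, expected_children=()):
    """Return (rule, event) pairs for the page's two process indicators.

    expected_children is a hypothetical allowlist of lower-case file names
    that IrfanView legitimately launches in your environment.
    """
    findings = []
    for ev in events:
        image = ev.get("Image") or ""
        cmd = (ev.get("CommandLine") or "").lower()
        # Indicator 1: IrfanView started with a DXF file on its command line.
        if is_irfanview(image) and ".dxf" in cmd:
            findings.append(("irfanview_opened_dxf", ev))
        # Indicator 2: IrfanView is the parent of some other program.
        child = basename(image).lower()
        if (is_irfanview(ev.get("ParentImage"))
                and not is_irfanview(image)
                and child not in expected_children):
            findings.append(("irfanview_spawned_child", ev))
    return findings


IV = r"C:\Program Files\IrfanView\i_view64.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [  # constructed
    {"Image": IV, "ParentImage": EXPLORER,
     "CommandLine": '"%s" "C:\\Users\\alice\\Downloads\\drawing.dxf"' % IV},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": IV,
     "CommandLine": "cmd.exe /c ver"},
    {"Image": IV, "ParentImage": EXPLORER,
     "CommandLine": '"%s" "C:\\Users\\alice\\Pictures\\photo.jpg"' % IV},
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": EXPLORER,
     "CommandLine": r"notepad.exe C:\Users\alice\notes.dxf"},
]

if __name__ == "__main__":
    for rule, ev in triage(SAMPLE_EVENTS):
        print(rule, "|", ev["Image"], "|", ev["CommandLine"])
```

Matching on the file name rather than the full path keeps a directory that happens to contain "i_view" from triggering either rule.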