CVE-2025-7302
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of IrfanView with the CADImage plugin. Attackers can exploit this by tricking users into opening malicious DWG files, leading to memory corruption and potential system compromise. Users of IrfanView with the CADImage plugin are affected.
💻 Affected Systems
- IrfanView CADImage Plugin
📦 What is this software?
Cadimage by Cadsofttools
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or malware installation on the victim's machine, potentially leading to credential theft or persistent access.
If Mitigated
Limited impact due to proper file validation, user awareness, and restricted privileges, potentially resulting in application crash only.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). Memory corruption vulnerabilities typically require some exploit development.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in provided references, check IrfanView updates
Vendor Advisory: https://www.irfanview.com/
Restart Required: No
Instructions:
1. Open IrfanView
2. Go to Help > Check for Updates
3. Follow prompts to update to latest version
4. Verify CADImage plugin is updated
🔧 Temporary Workarounds
Disable CADImage Plugin
Windows: Remove or disable the vulnerable CADImage plugin from IrfanView
Navigate to IrfanView plugins folder and remove CADImage.dll or similar
Block DWG Files
Windows: Prevent IrfanView from opening DWG files via file association changes
Control Panel > Default Programs > Set Associations > Remove .dwg from IrfanView
🧯 If You Can't Patch
- Restrict user privileges to limit impact of code execution
- Implement application whitelisting to prevent unauthorized executables
🔍 How to Verify
Check if Vulnerable:
Check IrfanView version and verify CADImage plugin is present. Vulnerable if using older version with plugin.
Check Version:
In IrfanView: Help > About or check file properties of IrfanView executable
Verify Fix Applied:
Update IrfanView to latest version and confirm CADImage plugin version is updated
📡 Detection & Monitoring
Log Indicators:
- IrfanView crash logs with memory access violations
- Unexpected process creation from IrfanView
Network Indicators:
- Downloads of DWG files from untrusted sources
- Outbound connections from IrfanView process
SIEM Query:
Process Creation where Image contains 'i_view' AND ParentImage contains 'explorer' AND CommandLine contains '.dwg'
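Added example (not part of the original advisory or any vendor tooling): one way to combine the SIEM query above with the "unexpected process creation from IrfanView" indicator, so that a child process is rated higher when its parent IrfanView instance had just opened a DWG file. The field names follow Sysmon Event ID 1 and are an assumption about your telemetry; the sample events are constructed.

```python
# Constructed sample process-creation events (Sysmon Event ID 1 style fields).
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "ParentProcessId": 900,
     "Image": r"C:\Program Files\IrfanView\i_view64.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'i_view64.exe "C:\Users\alice\Downloads\plan.DWG"'},
    {"ProcessId": 4188, "ParentProcessId": 4120,
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\IrfanView\i_view64.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"ProcessId": 5200, "ParentProcessId": 900,
     "Image": r"C:\Program Files\IrfanView\i_view64.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'i_view64.exe "C:\Users\alice\Pictures\cat.png"'},
    {"ProcessId": 5301, "ParentProcessId": 5200,
     "Image": r"C:\Windows\System32\mspaint.exe",
     "ParentImage": r"C:\Program Files\IrfanView\i_view64.exe",
     "CommandLine": r'mspaint.exe "C:\Users\alice\Pictures\cat.png"'},
]

def _has(event, field, needle):
    """Case-insensitive 'contains', matching the query's semantics."""
    return needle in event.get(field, "").lower()

def is_dwg_open(event):
    """The page's SIEM query: IrfanView started from Explorer on a .dwg file."""
    return (_has(event, "Image", "i_view")
            and _has(event, "ParentImage", "explorer")
            and _has(event, "CommandLine", ".dwg"))

def triage(events):
    """Return (severity, ProcessId, reason) tuples in event order."""
    dwg_pids = set()  # IrfanView instances seen opening a DWG file
    alerts = []
    for ev in events:
        if is_dwg_open(ev):
            dwg_pids.add(ev["ProcessId"])
            alerts.append(("info", ev["ProcessId"], "IrfanView opened a DWG file"))
        elif _has(ev, "ParentImage", "i_view") and not _has(ev, "Image", "i_view"):
            # Child process of IrfanView: escalate if the parent handled a DWG.
            after_dwg = ev["ParentProcessId"] in dwg_pids
            reason = "child process of IrfanView" + (" after DWG open" if after_dwg else "")
            alerts.append(("high" if after_dwg else "medium", ev["ProcessId"], reason))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Process IDs are reused by Windows, so a production rule should correlate on a stable per-process identifier (Sysmon's ProcessGuid) within a time window rather than on ProcessId alone.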