CVE-2025-7304

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. Attackers can achieve full system compromise in the context of the current user. All users of IrfanView with the vulnerable CADImage plugin are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: All versions prior to the patched release
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open malicious DWG file. The vulnerability is in the plugin, not the main IrfanView application.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malware installation or data exfiltration through spear-phishing campaigns targeting users who handle CAD files.

🟢 If Mitigated

Limited impact if users operate with minimal privileges and security controls prevent malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once a malicious file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView plugin updates for CADImage plugin fix

Vendor Advisory: https://www.irfanview.com/

Restart Required: Yes

Instructions:

1. Open IrfanView
2. Go to Help > Check for Updates
3. Update all plugins including CADImage
4. Restart IrfanView

🔧 Temporary Workarounds

Disable CADImage Plugin (Windows)

Remove or disable the vulnerable plugin to prevent exploitation

Navigate to IrfanView plugins folder and rename or delete CADImage plugin files

Block DWG Files (Windows)

Prevent IrfanView from opening DWG files via file association changes

Control Panel > Default Programs > Set Associations > Remove .dwg from IrfanView

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized executables
  • Use email/web filtering to block malicious DWG attachments

🔍 How to Verify

Check if Vulnerable:

Check IrfanView plugin version in Help > About Plugins > CADImage

Check Version:

irfanview.exe /plugins

Verify Fix Applied:

Verify CADImage plugin version is updated to patched version

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs with memory access violations
  • Unexpected process creation from IrfanView

Network Indicators:

  • Outbound connections from IrfanView process to unknown IPs

SIEM Query:

Process Creation where Image contains 'irfanview' AND ParentImage contains 'explorer'
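The query above matches IrfanView being started from Explorer. The sketch below is an added example, not part of the original advisory or any vendor tooling: it applies the "Unexpected process creation from IrfanView" indicator to process-creation events and also flags IrfanView launches whose command line names a DWG file. It assumes Sysmon Event ID 1 field names (Image, ParentImage, CommandLine); the sample events, labels and the `allowed_children` allowlist are constructed for illustration.

```python
import ntpath

# Constructed sample events using Sysmon Event ID 1 field names (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\IrfanView\i_view64.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\Users\a\Downloads\plan.DWG"'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\IrfanView\i_view64.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"Image": r"C:\Program Files\IrfanView\i_view64.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\IrfanView\i_view64.exe" "C:\Users\a\Pictures\cat.png"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
]


def is_irfanview(path):
    # Same substring match as the page's query, made case-insensitive.
    return "irfanview" in path.lower()


def classify(event, allowed_children=()):
    """Return a finding label for one process-creation event, or None."""
    image = event.get("Image", "")
    parent = event.get("ParentImage", "")
    cmdline = event.get("CommandLine", "").lower()
    # An image viewer rarely needs to start other programs.
    if is_irfanview(parent) and not is_irfanview(image):
        if ntpath.basename(image).lower() not in allowed_children:
            return "child-process-from-irfanview"
    # DWG files are the input that reaches the CADImage plugin.
    if is_irfanview(image) and ".dwg" in cmdline:
        return "irfanview-opened-dwg"
    return None


def scan(events, allowed_children=()):
    """Return (label, Image) pairs for every event that matches a rule."""
    findings = []
    for event in events:
        label = classify(event, allowed_children)
        if label:
            findings.append((label, event["Image"]))
    return findings
```

A DWG open followed shortly by a child process on the same host is the pairing worth alerting on; either finding alone is lower confidence.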
