CVE-2025-7306
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on systems running IrfanView with the CADImage plugin when users open malicious DWG files. Attackers can exploit memory corruption during DWG file parsing to gain code execution in the current process context. Users of IrfanView with the vulnerable CADImage plugin are affected.
💻 Affected Systems
- IrfanView CADImage Plugin
📦 What is this software?
Cadimage by Cadsofttools
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local user account compromise with attacker executing code at the user's privilege level, potentially leading to credential theft, data exfiltration, or installation of persistent malware.
If Mitigated
Denial of service or application crash if exploit attempts are blocked by security controls, with no code execution achieved.
🎯 Exploit Status
Exploitation requires user interaction to open malicious DWG file. Memory corruption vulnerabilities typically require some exploit development sophistication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check IrfanView updates for CADImage plugin fix
Vendor Advisory: https://www.irfanview.com/
Restart Required: No
Instructions:
1. Open IrfanView.
2. Go to Help > Check for Updates.
3. Install any available updates for IrfanView and plugins.
4. Verify CADImage plugin is updated to patched version.
🔧 Temporary Workarounds
Disable DWG file association
Windows: Remove IrfanView as the default handler for DWG files to prevent automatic opening
Control Panel > Default Programs > Set Associations > Find .dwg > Change program to Notepad or other safe viewer
Block DWG files at perimeter
All platforms: Prevent malicious DWG files from reaching users via email or web
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized code execution
- Use endpoint protection with exploit prevention capabilities and restrict user privileges
🔍 How to Verify
Check if Vulnerable:
Check IrfanView Help > About dialog for version information and verify CADImage plugin version against patched release
Check Version:
irfanview.exe /?
Verify Fix Applied:
After updating, open known-safe DWG files to confirm that functionality remains. Testing with a proof-of-concept is not recommended.
📡 Detection & Monitoring
Log Indicators:
- IrfanView crash logs with memory access violations
- Windows Application Event Logs showing IrfanView crashes
Network Indicators:
- Unusual outbound connections from IrfanView process
- DWG file downloads from suspicious sources
SIEM Query:
Process:irfanview.exe AND (EventID:1000 OR EventID:1001) AND ExceptionCode:c0000005
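The event-log indicators above, as an added example that is not part of the original page: a Python triage of Application Error (Event ID 1000) records for access-violation crashes in the viewer. The record shape, the sample events, the `i_view32.exe`/`i_view64.exe` process names and the `cadimage` module match are assumptions; Event ID 1001 uses a different message layout and is skipped here.

```python
import re

# "irfanview.exe" is the name in the page's SIEM query; i_view32.exe and
# i_view64.exe are assumed install names. Confirm against your endpoints.
WATCHED = {"irfanview.exe", "i_view32.exe", "i_view64.exe"}
ACCESS_VIOLATION = 0xC0000005
FIELD = re.compile(
    r"(Faulting application name|Faulting module name|Exception code):\s*([^,\r\n]+)",
    re.I)

def parse_fault(message):
    """Extract app, module and exception code from an Event ID 1000 message."""
    found = {k.lower(): v.strip() for k, v in FIELD.findall(message)}
    code = found.get("exception code")
    return {"app": found.get("faulting application name", "").lower(),
            "module": found.get("faulting module name", "").lower(),
            "code": int(code, 16) if re.fullmatch(r"(0x)?[0-9a-f]+", code or "", re.I) else None}

def triage(events, watched=WATCHED):
    """Return (time, app, module, in_cad_plugin) for access-violation crashes."""
    hits = []
    for ev in events:
        if ev["event_id"] != 1000:
            continue
        f = parse_fault(ev["message"])
        if f["app"] in watched and f["code"] == ACCESS_VIOLATION:
            # Assumption: the plugin module name contains "cadimage".
            hits.append((ev["time"], f["app"], f["module"], "cadimage" in f["module"]))
    return hits

def make_msg(app, module, code):
    """Build a constructed message in the Application Error (1000) layout."""
    return (f"Faulting application name: {app}, version: 0.0.0.0, time stamp: 0x0\n"
            f"Faulting module name: {module}, version: 0.0.0.0, time stamp: 0x0\n"
            f"Exception code: {code}\nFault offset: 0x1000\n")

# Constructed sample events, not real telemetry.
SAMPLE = [
    {"time": "T1", "event_id": 1000, "message": make_msg("i_view64.exe", "CADImage.dll", "0xc0000005")},
    {"time": "T2", "event_id": 1000, "message": make_msg("i_view64.exe", "ntdll.dll", "0xc0000005")},
    {"time": "T3", "event_id": 1000, "message": make_msg("i_view64.exe", "ucrtbase.dll", "0xc0000409")},
    {"time": "T4", "event_id": 1000, "message": make_msg("notepad.exe", "ntdll.dll", "0xc0000005")},
    {"time": "T5", "event_id": 1001, "message": "Fault bucket , type 0"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

A hit whose last field is true places the fault inside the plugin module and is the one to correlate with a recently opened DWG file.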