CVE-2025-7310

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The memory corruption flaw occurs during DWG file parsing due to improper input validation. Affected users include anyone using IrfanView with the vulnerable CADImage plugin.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Prior to the patched release
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed and DWG file association enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation or data exfiltration when users open malicious DWG files from untrusted sources.

🟢 If Mitigated

Limited impact if proper application whitelisting and user privilege restrictions are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious file). ZDI-CAN-26393 tracking suggests active research interest.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView updates for CADImage plugin fix

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Open IrfanView
2. Go to Help > Check for Updates
3. Install all available updates
4. Verify CADImage plugin is updated

🔧 Temporary Workarounds

Disable DWG file association (Windows)

Remove DWG file type association with IrfanView to prevent automatic opening:

Control Panel > Default Programs > Associate a file type or protocol with a program > Change .dwg association to another application

Remove CADImage plugin (Windows)

Temporarily remove the vulnerable plugin until patched:

Navigate to IrfanView plugins folder and remove or rename CADImage.dll

🧯 If You Can't Patch

  • Implement application whitelisting to block IrfanView execution
  • Restrict user privileges to standard user accounts (not administrator)

🔍 How to Verify

Check if Vulnerable:

Check IrfanView Help > About dialog for version and plugin information

Check Version:

i_view64.exe /?   (i_view32.exe on 32-bit installs)

Verify Fix Applied:

Verify IrfanView and CADImage plugin versions match patched releases from vendor

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs with memory access violations
  • Unexpected IrfanView process spawning child processes

Network Indicators:

  • Outbound connections from IrfanView process to unknown IPs

SIEM Query:

Process Creation where Image contains 'i_view' AND ParentImage not in ('explorer.exe', 'cmd.exe')
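
The log and network indicators above, expressed as triage logic over exported events. This is an added example, not part of the original advisory or any vendor tooling. It assumes Sysmon-style fields (`EventID` 1 and 3 with `Image`, `ParentImage`, `DestinationIp`); the `AppName` and `ExceptionCode` keys, the internal address ranges and all sample events are constructed for illustration.

```python
import ipaddress
import ntpath

IRFANVIEW = {"i_view32.exe", "i_view64.exe"}  # IrfanView 32/64-bit binaries
# Assumption: these ranges are "known"; anything else counts as an unknown IP.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
ACCESS_VIOLATION = "0xc0000005"  # STATUS_ACCESS_VIOLATION

def is_irfanview(path):
    # ntpath parses Windows paths regardless of the OS running this script.
    return ntpath.basename(path or "").lower() in IRFANVIEW

def triage(events):
    """Return (indicator, event) pairs for the indicators listed on the page."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1:  # Sysmon process creation
            # An image viewer starting another program is unusual.
            if is_irfanview(ev.get("ParentImage")) and not is_irfanview(ev.get("Image")):
                findings.append(("child_process", ev))
        elif eid == 3 and is_irfanview(ev.get("Image")):  # Sysmon network connection
            dst = ipaddress.ip_address(ev["DestinationIp"])
            if not any(dst in net for net in INTERNAL):
                findings.append(("outbound_connection", ev))
        elif eid == 1000 and is_irfanview(ev.get("AppName")):  # Application Error
            if ev.get("ExceptionCode", "").lower() == ACCESS_VIOLATION:
                findings.append(("access_violation_crash", ev))
    return findings

IV = r"C:\Program Files\IrfanView\i_view64.exe"
# Constructed sample events (not real telemetry); keys other than the Sysmon
# field names are hypothetical.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": IV, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": IV},
    {"EventID": 3, "Image": IV, "DestinationIp": "10.1.2.3"},
    {"EventID": 3, "Image": IV, "DestinationIp": "203.0.113.25"},
    {"EventID": 1000, "AppName": "i_view64.exe", "ExceptionCode": "0xC0000005"},
]

if __name__ == "__main__":
    for indicator, ev in triage(SAMPLE_EVENTS):
        print(indicator, ev)
```

The child-process rule keys on `ParentImage`, so it covers the "spawning child processes" indicator that the SIEM query above (which keys on `Image`) does not.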
