CVE-2025-7318

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The memory corruption flaw occurs during DWG file parsing due to improper input validation. Affected users are those running vulnerable versions of IrfanView with the CADImage plugin installed.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: All versions prior to the fix (the specific version is not given in the available data)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the CADImage plugin to be installed and enabled in IrfanView. User interaction needed to open malicious DWG file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation or data exfiltration when users open malicious DWG files from untrusted sources.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only crashing the application.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). The vulnerability is documented by ZDI (ZDI-CAN-26412).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown from provided references - check vendor advisory

Vendor Advisory: https://www.irfanview.com/

Restart Required: Yes

Instructions:

1. Visit the official IrfanView website
2. Download and install the latest version
3. Ensure CADImage plugin is updated
4. Restart system if prompted

🔧 Temporary Workarounds

Disable CADImage Plugin

windows

Remove or disable the vulnerable CADImage plugin from IrfanView

Navigate to IrfanView plugins directory and remove or rename CADImage plugin files

Block DWG File Association

windows

Prevent IrfanView from opening DWG files by default

Use Windows File Association settings to change default program for .dwg files

🧯 If You Can't Patch

  • Restrict user privileges to limit potential damage from code execution
  • Implement application whitelisting to prevent unauthorized executables

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version and CADImage plugin version against vendor advisory

Check Version:

Open IrfanView → Help → About or check plugin manager

Verify Fix Applied:

Verify installed version matches or exceeds patched version from vendor

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crashes when processing DWG files
  • Unexpected process creation from IrfanView

Network Indicators:

  • Outbound connections from IrfanView process to unknown IPs

SIEM Query:

Process Creation where Image contains 'i_view' AND ParentImage contains 'explorer'
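The query above matches IrfanView being started from Explorer, which is also what an ordinary launch looks like. The following added example (not from this page or the vendor) triages the two log indicators listed above and raises severity when the IrfanView process involved was started on a .dwg file. Field names follow Sysmon process-creation events; the "kind" key, the simplified crash record and all sample events are assumptions constructed for illustration.

```python
import ntpath

def is_irfanview(path):
    # Same substring test as the page's query: Image contains 'i_view'.
    return "i_view" in ntpath.basename(path or "").lower()

def triage(events):
    """Return (severity, reason, pid) findings for the two log indicators."""
    dwg_pids = set()  # IrfanView processes started with a .dwg argument
    findings = []
    for ev in events:
        if ev["kind"] == "process_create":
            if is_irfanview(ev["Image"]):
                # A launch alone is not a finding; remember DWG opens only.
                if ".dwg" in ev["CommandLine"].lower():
                    dwg_pids.add(ev["ProcessId"])
            elif is_irfanview(ev["ParentImage"]):
                # IrfanView can start external editors, so a child process
                # rates "high" only when the parent had a DWG file open.
                sev = "high" if ev["ParentProcessId"] in dwg_pids else "medium"
                findings.append((sev, "child process of IrfanView", ev["ProcessId"]))
        elif ev["kind"] == "app_crash" and is_irfanview(ev["Image"]):
            sev = "medium" if ev["ProcessId"] in dwg_pids else "low"
            findings.append((sev, "IrfanView crash", ev["ProcessId"]))
    return findings

# Constructed sample events (not real telemetry); paths and PIDs are made up.
IV = r"C:\Program Files\IrfanView\i_view64.exe"
EXPLORER = r"C:\Windows\explorer.exe"

def launch(pid, arg):
    return {"kind": "process_create", "Image": IV, "ParentImage": EXPLORER,
            "ProcessId": pid, "ParentProcessId": 900,
            "CommandLine": f'"{IV}" "{arg}"'}

SAMPLE_EVENTS = [
    launch(4120, r"C:\Users\alice\Downloads\plan.dwg"),
    {"kind": "process_create", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": IV, "ProcessId": 4388, "ParentProcessId": 4120,
     "CommandLine": "cmd.exe"},
    launch(5001, r"C:\Users\alice\Pictures\photo.jpg"),
    {"kind": "app_crash", "Image": IV, "ProcessId": 5001},
    launch(6200, r"C:\Users\bob\Desktop\SITE.DWG"),
    {"kind": "app_crash", "Image": IV, "ProcessId": 6200},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

PIDs are reused by Windows over time, so a production rule should bound the correlation by host and time window.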
