CVE-2025-7322

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The flaw exists in how the plugin parses DWG files, enabling out-of-bounds reads that can lead to remote code execution. Users of IrfanView with the CADImage plugin installed are affected.

💻 Affected Systems

Products:
  • IrfanView CADImage Plugin
Versions: Prior to the patched release (specific version unknown from provided data)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IrfanView with CADImage plugin installed and configured to handle DWG files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system in the context of the current user.

🟠 Likely Case

Malware installation, data theft, or ransomware deployment through user-initiated malicious file opening.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but common in email/web download scenarios.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files from internal sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious DWG file. ZDI advisory suggests exploit development is feasible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown specific version - check IrfanView updates

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Open IrfanView
2. Go to Help → Check for Updates
3. Install available updates
4. Verify CADImage plugin is updated

🔧 Temporary Workarounds

Disable DWG file association (Windows)

Remove IrfanView/CADImage plugin as default handler for DWG files:

Control Panel → Default Programs → Set Associations → Remove .dwg from IrfanView

Uninstall CADImage plugin (Windows)

Remove the vulnerable plugin entirely:

Control Panel → Programs → Uninstall → Remove IrfanView CADImage Plugin

🧯 If You Can't Patch

  • Implement application whitelisting to block IrfanView execution
  • Use application sandboxing to contain potential exploits

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version and CADImage plugin version against patched releases from vendor

Check Version:

Open IrfanView → Help → About → Check version numbers

Verify Fix Applied:

Verify IrfanView and CADImage plugin are updated to latest versions

📡 Detection & Monitoring

Log Indicators:

  • IrfanView process crashes when opening DWG files
  • Unusual child processes spawned from IrfanView

Network Indicators:

  • Outbound connections from IrfanView process to unknown IPs

SIEM Query:

Process Creation where ParentImage contains 'i_view' and CommandLine contains '.dwg'
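
The SIEM query above as detection logic run over process-creation events (an added example, not part of the original advisory or any vendor tooling). It assumes Sysmon-style field names and uses constructed sample events; going beyond the query as written, it also checks ParentCommandLine, since the opened file normally appears on IrfanView's own command line, and it matches on the executable file name rather than any path containing 'i_view'.

```python
import ntpath
import re

# A .dwg file argument, quoted or not; the lookahead rejects e.g. "plan.dwg.bak".
DWG_ARG = re.compile(r'\.dwg(?=["\s]|$)', re.IGNORECASE)

def is_irfanview(image_path):
    """True when the file name (not just the path) starts with i_view."""
    return ntpath.basename(image_path or "").lower().startswith("i_view")

def match_event(event):
    """Return a finding for one process-creation event, or None."""
    if not is_irfanview(event.get("ParentImage")):
        return None
    parent_cmd = event.get("ParentCommandLine") or ""
    child_cmd = event.get("CommandLine") or ""
    if DWG_ARG.search(parent_cmd):
        source = "ParentCommandLine"
    elif DWG_ARG.search(child_cmd):
        source = "CommandLine"
    else:
        return None
    return {"host": event.get("Computer"),
            "child": ntpath.basename(event.get("Image") or "").lower(),
            "dwg_in": source}

def scan(events):
    """Apply match_event to every event and keep the findings."""
    return [f for f in (match_event(e) for e in events) if f]

IV = r"C:\Program Files\IrfanView\i_view64.exe"
# Constructed sample events (hypothetical hosts and paths, not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "ws-01", "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe",
     "ParentImage": IV, "ParentCommandLine": r'"i_view64.exe" "C:\Users\a\Downloads\drawing.DWG"'},
    {"Computer": "ws-02", "Image": r"C:\Windows\System32\mspaint.exe", "CommandLine": "mspaint.exe",
     "ParentImage": IV, "ParentCommandLine": r'"i_view64.exe" C:\pics\photo.jpg'},
    {"Computer": "ws-03", "Image": IV, "CommandLine": r'"i_view64.exe" C:\cad\plan.dwg',
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe"},
    {"Computer": "ws-04", "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe",
     "ParentImage": r"C:\tools\i_view_notes\editor.exe", "ParentCommandLine": r"editor.exe C:\cad\plan.dwg"},
    {"Computer": "ws-05", "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe",
     "ParentImage": IV.upper(), "ParentCommandLine": r'"i_view64.exe" "C:\cad\plan.dwg.bak"'},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Only the ws-01 event is reported: the others are a non-DWG open, a normal launch from Explorer, an unrelated parent whose path merely contains 'i_view', and a file that only has .dwg inside its name.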
