Memory Corruption in IrfanView CADImage Plugin Allows Remote Code Execution
CVE-2025-7285

7.8HIGH

Key Information:

Vendor

Irfanview

Status
Vendor
CVE Published:
21 July 2025

What is CVE-2025-7285?

A vulnerability in the IrfanView CADImage Plugin allows remote attackers to exploit a flaw in DXF file parsing which can lead to memory corruption. By enticing users to visit a malicious page or open a harmful file, attackers can execute arbitrary code within the affected application. This issue arises due to inadequate validation of user-supplied data, leading to potential manipulation of the current process. Protect your installations and remain vigilant against this exploit.

Affected Version(s)

IrfanView 4.70.0.0

References

CVSS V3.0

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-7285 : Memory Corruption in IrfanView CADImage Plugin Allows Remote Code Execution