Memory Corruption Vulnerability in IrfanView CADImage Plugin
CVE-2025-7290
7.8HIGH
What is CVE-2025-7290?
The IrfanView CADImage Plugin contains a memory corruption vulnerability specifically tied to the parsing of DXF files. This security flaw arises from improper validation of user-supplied data, enabling remote attackers to execute arbitrary code on affected installations. Exploitation requires user interaction, such as visiting a malicious site or opening a compromised file. This vulnerability could lead to severe security implications for users, emphasizing the importance of prompt updates and caution when handling DXF files.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
IrfanView 4.70.0.0
References
CVSS V3.0
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved