SecuriTricks - CVE-2025-14599

Description

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.

Product(s) Impacted

Vendor	Product	Versions
Altera	Quartus Prime Standard Quartus Prime Lite	23.1-24.1 23.1-24.1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	altera	quartus_prime_standard	23.1-24.1	/	/	/	/	/	/	/
a	altera	quartus_prime_lite	23.1-24.1	/	/	/	/	/	/	/

References

https://www.altera.com/security/security-advisory/asa-0005

CVSS Score

5.4 / 10

CVSS Data - 4.0

Attack Vector: LOCAL
Attack Complexity: HIGH
Attack Requirements: PRESENT
Privileges Required: LOW
User Interaction: ACTIVE
Scope:
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: Jan. 7, 2026, 2:02 a.m.
Last Modified: Jan. 8, 2026, 6:09 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

04c0172e-9735-4a9d-a92a-fe01fa863447

CVE-2025-14599