SecuriTricks - CVE-2025-14614

Description

Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Explore for Predictable Temporary File Names.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.

Product(s) Impacted

Vendor	Product	Versions
Altera	Quartus Prime Standard Quartus Prime Lite	23.1-24.1 23.1-24.1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-377

Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	altera	quartus_prime_standard	23.1-24.1	/	/	/	/	/	/	/
a	altera	quartus_prime_lite	23.1-24.1	/	/	/	/	/	/	/

References

https://www.altera.com/security/security-advisory/asa-0005

CVSS Score

5.4 / 10

CVSS Data - 4.0

Attack Vector: LOCAL
Attack Complexity: HIGH
Attack Requirements: PRESENT
Privileges Required: LOW
User Interaction: ACTIVE
Scope:
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: Jan. 7, 2026, 12:16 p.m.
Last Modified: Jan. 8, 2026, 6:08 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

04c0172e-9735-4a9d-a92a-fe01fa863447

CVE-2025-14614