CVE-2025-14596

CWE-4273 documents3 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 96.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Intel Quartus PrimeAltera Quartus Prime PRO
Timeline
PublishedJan 7

Description

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5altera/quartus_prime_pro24.124.3.1
NVDintel/quartus_prime24.125.1

🔴Vulnerability Details

2
GHSA
GHSA-5f84-6463-h54p: Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking2026-01-07
CVEList
Quartus Prime Pro Edition Installer Advisory2026-01-06
CVE-2025-14596 (MEDIUM CVSS 5.4) | Uncontrolled Search Path Element vu | cvebase.io