CVE-2025-14599Uncontrolled Search Path Element in Intel Quartus Prime

CWE-427Uncontrolled Search Path Element3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.0%
top 96.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Intel Quartus PrimeAltera Quartus Prime LiteAltera Quartus Prime Standard
Timeline
PublishedJan 7

Description

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

CVEListV5altera/quartus_prime_lite23.124.1
CVEListV5altera/quartus_prime_standard23.124.1
NVDintel/quartus_prime23.125.1

🔴Vulnerability Details

2
GHSA
GHSA-58fv-5j68-xf6p: Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SF2026-01-07
CVEList
Quartus® Prime Standard and Quartus® Prime Lite Security Advisory2026-01-06
CVE-2025-14599 — Uncontrolled Search Path Element | cvebase