CVE-2025-13670
Unknown Unknown - Not Provided
DLL Planting Vulnerability in High Level Synthesis i++ Compiler

Publication date: 2025-12-12

Last updated on: 2025-12-12

Assigner: Altera

Description
The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-12
Last Modified
2025-12-12
Generated
2026-06-16
AI Q&A
2025-12-12
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13670
EUVD
EUVD-2025-202941
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
high_level_synthesis_compiler i++ 4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

Detection involves checking for the presence of malicious DLLs in the search path used by the i++ command and the build.bat file. Specifically, inspect the directory "C:\quartus\bin64" and any directories involved in the DLL search path for unauthorized or suspicious DLL files. Since the vulnerability is related to DLL planting via uncontrolled search paths, commands like 'dir C:\quartus\bin64' in Windows Command Prompt or 'Get-ChildItem -Path C:\quartus\bin64 -Filter *.dll' in PowerShell can help identify unexpected DLLs. Additionally, reviewing permissions on the directory to ensure only system administrators have write access can help detect potential exploitation. [1]

Executive Summary

This vulnerability is a DLL planting issue in the High Level Synthesis Compiler i++ command for Windows. It means that an attacker could place a malicious DLL file in a location where the compiler might load it instead of the legitimate DLL, potentially leading to execution of malicious code.

Impact Analysis

The impact of this vulnerability could include unauthorized code execution with limited privileges, which may lead to compromise of system integrity, data corruption, or other malicious activities depending on the attacker's goals and the environment.

Mitigation Strategies

Immediate mitigation steps include replacing the vulnerable build.bat file with the secure version provided by Altera and restricting write permissions on the directory "C:\quartus\bin64" so that only system administrators have write access. These actions prevent attackers from placing malicious DLLs in the search path and exploiting the DLL planting vulnerability. Since no fixed version is available at the time of the advisory, these configuration changes are critical to reduce risk. [1]

Compliance Impact

The provided resources do not specify how this DLL planting vulnerability in the High Level Synthesis Compiler affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13670. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart