CVE-2025-13670
Unknown Unknown - Not Provided

DLL Planting Vulnerability in High Level Synthesis i++ Compiler

Vulnerability report for CVE-2025-13670, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-12

Last updated on: 2025-12-12

Assigner: Altera

Description

The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-12
Last Modified
2025-12-12
Generated
2026-07-06
AI Q&A
2025-12-12
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
high_level_synthesis_compiler i++ 4.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a DLL planting issue in the High Level Synthesis Compiler i++ command for Windows. It means that an attacker could place a malicious DLL file in a location where the compiler might load it instead of the legitimate DLL, potentially leading to execution of malicious code.

Impact Analysis

The impact of this vulnerability could include unauthorized code execution with limited privileges, which may lead to compromise of system integrity, data corruption, or other malicious activities depending on the attacker's goals and the environment.

Detection Guidance

Detection involves checking for the presence of malicious DLLs in the search path used by the i++ command and the build.bat file. Specifically, inspect the directory "C:\quartus\bin64" and any directories involved in the DLL search path for unauthorized or suspicious DLL files. Since the vulnerability is related to DLL planting via uncontrolled search paths, commands like 'dir C:\quartus\bin64' in Windows Command Prompt or 'Get-ChildItem -Path C:\quartus\bin64 -Filter *.dll' in PowerShell can help identify unexpected DLLs. Additionally, reviewing permissions on the directory to ensure only system administrators have write access can help detect potential exploitation. [1]

Mitigation Strategies

Immediate mitigation steps include replacing the vulnerable build.bat file with the secure version provided by Altera and restricting write permissions on the directory "C:\quartus\bin64" so that only system administrators have write access. These actions prevent attackers from placing malicious DLLs in the search path and exploiting the DLL planting vulnerability. Since no fixed version is available at the time of the advisory, these configuration changes are critical to reduce risk. [1]

Compliance Impact

The provided resources do not specify how this DLL planting vulnerability in the High Level Synthesis Compiler affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13670. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart