CVE-2025-14599
Unknown Unknown - Not Provided
Uncontrolled Search Path Vulnerability in Altera Quartus Installers

Publication date: 2026-01-07

Last updated on: 2026-01-07

Assigner: Altera

Description
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime LiteΒ  Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-01-07
Generated
2026-06-16
AI Q&A
2026-01-07
EPSS Evaluated
2026-06-14
NVD
CVE-2025-14599
EUVD
EUVD-2025-206253
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
altera quartus_prime_standard From 23.1 (inc) to 24.1 (inc)
altera quartus_prime_lite From 23.1 (inc) to 24.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-14599 is an Uncontrolled Search Path Element vulnerability in the Quartus Prime Standard and Lite Edition Installers (SFX) for Windows. It allows an attacker to perform a binary planting attack by placing a malicious binary in a location that the installer searches. When the installer runs, it may execute this unauthorized code, leading to privilege escalation. This vulnerability affects versions 23.1 through 24.1 and requires local access, user interaction, and has high attack complexity. [1]

Impact Analysis

If exploited, this vulnerability can lead to privilege escalation on the affected system, allowing an attacker to execute unauthorized code with elevated privileges. This can compromise the confidentiality, integrity, and availability of the system, potentially leading to unauthorized access, data modification, or disruption of services. [1]

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade to Quartus Prime Standard Edition 25.1 or later, or Quartus Prime Lite Edition 25.1 or later. If upgrading is not possible right away, use individual installation files downloaded directly from the official download page instead of the vulnerable SFX installer versions 23.1 through 24.1. These steps prevent the binary planting attack that leads to privilege escalation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14599. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart