CVE-2025-14605
Search Order Hijacking in Altera Quartus Prime Pro on Windows
Publication date: 2026-01-07
Last updated on: 2026-01-07
Assigner: Altera
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| altera | quartus_prime_pro | From 17.0 (inc) to 25.1.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14605 is a medium severity security vulnerability in the System Console utility of Altera Quartus Prime Pro Edition for Windows (versions 17.0 through 25.1). It is an Uncontrolled Search Path Element vulnerability (CWE-427) that allows a Current Working Directory (CWD) planting attack. This means an attacker can exploit how the utility handles its search path to hijack the search order, potentially escalating their privileges on the system. [1]
How can this vulnerability impact me?
This vulnerability can lead to privilege escalation on affected systems. An attacker with local access and low privileges could, with user interaction, exploit it to gain higher privileges, potentially compromising the confidentiality, integrity, and availability of the system. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade to Quartus Prime Pro Edition version 25.1.1 or later, or use the System Console utility included in Quartus Prime Pro Edition Programmer and Tools 25.1.1 or later. This update corrects the search path handling to prevent Current Working Directory planting attacks. [1]