CVE-2025-14625
Search Order Hijacking in Altera Quartus Prime Nios II Shell
Publication date: 2026-01-07
Last updated on: 2026-01-07
Assigner: Altera
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| altera | quartus_prime_standard | From 19.1 (inc) to 24.1 (inc) |
| altera | quartus_prime_lite | From 19.1 (inc) to 24.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Uncontrolled Search Path Element issue in Altera Quartus Prime Standard and Lite on Windows, specifically affecting the Nios II Command Shell modules. It allows Search Order Hijacking, meaning an attacker could manipulate the order in which the system searches for executable files or libraries, potentially causing the system to execute malicious code.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker to hijack the search order for executable files or libraries, which could lead to execution of unauthorized or malicious code. This can compromise the integrity, confidentiality, and availability of your system or data.