CVE-2025-14599 MEDIUM

CVE-2025-14599: Quartus® Prime Standard and Quartus® Prime Lite Security Advisory

Vendor Altera
Product Quartus Prime Standard
Weakness CWE-427
Published January 6, 2026
Last update January 6, 2026

CVSS base score

5.4/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite  Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.

Key dates

02Disclosure timeline

January 6, 2026 CVE published
January 6, 2026 Record updated