CVE-2025-14625 MEDIUM

CVE-2025-14625: Quartus® Prime Standard and Quartus® Prime Lite Security Advisory

Vendor Altera
Product Quartus Prime Standard
Weakness CWE-427
Published January 6, 2026
Last update January 28, 2026

CVSS base score

5.4/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1.

Key dates

02Disclosure timeline

January 6, 2026 CVE published
January 28, 2026 Record updated