Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for Quartus Prime Pro by Altera

    CVE-2025-14612 (GCVE-0-2025-14612)

    Vulnerability from nvd – Published: 2026-01-06 21:24 – Updated: 2026-01-07 16:56
    VLAI
    Title
    Quartus Prime Pro Edition Advisory
    Summary
    Insecure Temporary File vulnerability in Altera Quartus Prime Pro  Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-377 - Insecure Temporary File
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Pro Affected: 24.1 , ≤ 25.1.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14612",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-07T16:56:03.412462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T16:56:08.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Installer"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Pro",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "25.1.1",
                  "status": "affected",
                  "version": "24.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_pro:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "25.1.1",
                      "versionStartIncluding": "24.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insecure Temporary File vulnerability in Altera Quartus Prime Pro\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstaller (SFX)\u003c/span\u003e\n\n on Windows allows : Use of Predictable File Names.\u003cp\u003eThis issue affects Quartus Prime Pro: from 24.1 through 25.1.1.\u003c/p\u003e"
                }
              ],
              "value": "Insecure Temporary File vulnerability in Altera Quartus Prime Pro\u00a0\n\nInstaller (SFX)\n\n on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-149",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-149 Explore for Predictable Temporary File Names"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-377",
                  "description": "CWE-377: Insecure Temporary File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T21:38:58.670Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Quartus Prime Pro Edition Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-14612",
        "datePublished": "2026-01-06T21:24:33.025Z",
        "dateReserved": "2025-12-12T20:34:39.402Z",
        "dateUpdated": "2026-01-07T16:56:08.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14605 (GCVE-0-2025-14605)

    Vulnerability from nvd – Published: 2026-01-06 21:15 – Updated: 2026-01-07 16:55
    VLAI
    Title
    Quartus Prime Pro Edition Advisory
    Summary
    Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Pro Affected: 17.0 , ≤ 25.1.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14605",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-07T16:55:19.083370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T16:55:28.143Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "System Console"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Pro",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "25.1.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_pro:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "25.1.1",
                      "versionStartIncluding": "17.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.\u003cp\u003eThis issue affects Quartus Prime Pro: from 17.0 through 25.1.1.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T21:17:02.552Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Quartus Prime Pro Edition Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-14605",
        "datePublished": "2026-01-06T21:15:56.664Z",
        "dateReserved": "2025-12-12T19:11:15.340Z",
        "dateUpdated": "2026-01-07T16:55:28.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14596 (GCVE-0-2025-14596)

    Vulnerability from nvd – Published: 2026-01-06 21:06 – Updated: 2026-01-06 21:26
    VLAI
    Title
    Quartus Prime Pro Edition Installer Advisory
    Summary
    Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Pro Affected: 24.1 , ≤ 24.3.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14596",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T21:26:03.604892Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T21:26:20.926Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Installer"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Pro",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "24.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_pro:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "24.3.1",
                      "versionStartIncluding": "24.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstaller (SFX) \u003c/span\u003e\n\non Windows allows Search Order Hijacking.\u003cp\u003eThis issue affects Quartus Prime Pro: from 24.1 through 24.3.1.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro \n\nInstaller (SFX) \n\non Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T21:18:08.332Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Quartus Prime Pro Edition Installer Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-14596",
        "datePublished": "2026-01-06T21:06:19.457Z",
        "dateReserved": "2025-12-12T16:35:21.755Z",
        "dateUpdated": "2026-01-06T21:26:20.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13668 (GCVE-0-2025-13668)

    Vulnerability from nvd – Published: 2025-12-11 22:02 – Updated: 2025-12-18 20:40
    VLAI
    Title
    Quartus Prime Pro Edition Advisory
    Summary
    A potential security vulnerability in Quartus® Prime Pro Edition Design Software may allow escalation of privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Pro Affected: 17.0 , ≤ 24.3.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13668",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T20:40:04.807866Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T20:40:13.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "System Console"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Pro",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_pro:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "24.3.1",
                      "versionStartIncluding": "17.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A potential security vulnerability in Quartus\u00ae Prime Pro Edition Design Software may allow escalation of privilege."
                }
              ],
              "value": "A potential security vulnerability in Quartus\u00ae Prime Pro Edition Design Software may allow escalation of privilege."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T22:02:39.724Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0001"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Quartus Prime Pro Edition Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-13668",
        "datePublished": "2025-12-11T22:02:39.724Z",
        "dateReserved": "2025-11-25T16:58:40.026Z",
        "dateUpdated": "2025-12-18T20:40:13.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13663 (GCVE-0-2025-13663)

    Vulnerability from nvd – Published: 2025-12-11 20:35 – Updated: 2025-12-11 21:03
    VLAI
    Title
    Quartus Prime Pro Edition Installer Advisory
    Summary
    Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-279 - Incorrect Execution-Assigned Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Pro Affected: 17.0 , ≤ 24.3.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13663",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T21:02:36.053025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-11T21:03:49.282Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Installer"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Pro",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_pro:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "24.3.1",
                      "versionStartIncluding": "17.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnder certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.\u003c/span\u003e"
                }
              ],
              "value": "Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-642",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-642 Replace Binaries"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-279",
                  "description": "CWE-279: Incorrect Execution-Assigned Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T20:35:24.735Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0001"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Quartus Prime Pro Edition Installer Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-13663",
        "datePublished": "2025-12-11T20:35:24.735Z",
        "dateReserved": "2025-11-25T16:21:46.226Z",
        "dateUpdated": "2025-12-11T21:03:49.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14612 (GCVE-0-2025-14612)

    Vulnerability from cvelistv5 – Published: 2026-01-06 21:24 – Updated: 2026-01-07 16:56
    VLAI
    Title
    Quartus Prime Pro Edition Advisory
    Summary
    Insecure Temporary File vulnerability in Altera Quartus Prime Pro  Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-377 - Insecure Temporary File
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Pro Affected: 24.1 , ≤ 25.1.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14612",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-07T16:56:03.412462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T16:56:08.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Installer"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Pro",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "25.1.1",
                  "status": "affected",
                  "version": "24.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_pro:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "25.1.1",
                      "versionStartIncluding": "24.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insecure Temporary File vulnerability in Altera Quartus Prime Pro\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstaller (SFX)\u003c/span\u003e\n\n on Windows allows : Use of Predictable File Names.\u003cp\u003eThis issue affects Quartus Prime Pro: from 24.1 through 25.1.1.\u003c/p\u003e"
                }
              ],
              "value": "Insecure Temporary File vulnerability in Altera Quartus Prime Pro\u00a0\n\nInstaller (SFX)\n\n on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-149",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-149 Explore for Predictable Temporary File Names"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-377",
                  "description": "CWE-377: Insecure Temporary File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T21:38:58.670Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Quartus Prime Pro Edition Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-14612",
        "datePublished": "2026-01-06T21:24:33.025Z",
        "dateReserved": "2025-12-12T20:34:39.402Z",
        "dateUpdated": "2026-01-07T16:56:08.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14605 (GCVE-0-2025-14605)

    Vulnerability from cvelistv5 – Published: 2026-01-06 21:15 – Updated: 2026-01-07 16:55
    VLAI
    Title
    Quartus Prime Pro Edition Advisory
    Summary
    Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Pro Affected: 17.0 , ≤ 25.1.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14605",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-07T16:55:19.083370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T16:55:28.143Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "System Console"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Pro",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "25.1.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_pro:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "25.1.1",
                      "versionStartIncluding": "17.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.\u003cp\u003eThis issue affects Quartus Prime Pro: from 17.0 through 25.1.1.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T21:17:02.552Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Quartus Prime Pro Edition Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-14605",
        "datePublished": "2026-01-06T21:15:56.664Z",
        "dateReserved": "2025-12-12T19:11:15.340Z",
        "dateUpdated": "2026-01-07T16:55:28.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14596 (GCVE-0-2025-14596)

    Vulnerability from cvelistv5 – Published: 2026-01-06 21:06 – Updated: 2026-01-06 21:26
    VLAI
    Title
    Quartus Prime Pro Edition Installer Advisory
    Summary
    Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Pro Affected: 24.1 , ≤ 24.3.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14596",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T21:26:03.604892Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T21:26:20.926Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Installer"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Pro",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "24.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_pro:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "24.3.1",
                      "versionStartIncluding": "24.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstaller (SFX) \u003c/span\u003e\n\non Windows allows Search Order Hijacking.\u003cp\u003eThis issue affects Quartus Prime Pro: from 24.1 through 24.3.1.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro \n\nInstaller (SFX) \n\non Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T21:18:08.332Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Quartus Prime Pro Edition Installer Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-14596",
        "datePublished": "2026-01-06T21:06:19.457Z",
        "dateReserved": "2025-12-12T16:35:21.755Z",
        "dateUpdated": "2026-01-06T21:26:20.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13668 (GCVE-0-2025-13668)

    Vulnerability from cvelistv5 – Published: 2025-12-11 22:02 – Updated: 2025-12-18 20:40
    VLAI
    Title
    Quartus Prime Pro Edition Advisory
    Summary
    A potential security vulnerability in Quartus® Prime Pro Edition Design Software may allow escalation of privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Pro Affected: 17.0 , ≤ 24.3.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13668",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T20:40:04.807866Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T20:40:13.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "System Console"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Pro",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_pro:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "24.3.1",
                      "versionStartIncluding": "17.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A potential security vulnerability in Quartus\u00ae Prime Pro Edition Design Software may allow escalation of privilege."
                }
              ],
              "value": "A potential security vulnerability in Quartus\u00ae Prime Pro Edition Design Software may allow escalation of privilege."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T22:02:39.724Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0001"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Quartus Prime Pro Edition Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-13668",
        "datePublished": "2025-12-11T22:02:39.724Z",
        "dateReserved": "2025-11-25T16:58:40.026Z",
        "dateUpdated": "2025-12-18T20:40:13.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13663 (GCVE-0-2025-13663)

    Vulnerability from cvelistv5 – Published: 2025-12-11 20:35 – Updated: 2025-12-11 21:03
    VLAI
    Title
    Quartus Prime Pro Edition Installer Advisory
    Summary
    Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-279 - Incorrect Execution-Assigned Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Pro Affected: 17.0 , ≤ 24.3.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13663",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T21:02:36.053025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-11T21:03:49.282Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Installer"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Pro",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_pro:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "24.3.1",
                      "versionStartIncluding": "17.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnder certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.\u003c/span\u003e"
                }
              ],
              "value": "Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-642",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-642 Replace Binaries"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-279",
                  "description": "CWE-279: Incorrect Execution-Assigned Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T20:35:24.735Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0001"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Quartus Prime Pro Edition Installer Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-13663",
        "datePublished": "2025-12-11T20:35:24.735Z",
        "dateReserved": "2025-11-25T16:21:46.226Z",
        "dateUpdated": "2025-12-11T21:03:49.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }