PSIRT Advisory ASA-0005 - Quartus® Prime Standard and Quartus® Prime Lite Security Advisory ASA-0005 CVE ID: CVE-2025-14599 A potential security vulnerability in Quartus Prime Standard Edition Installer (SFX) for Windows and Quartus Prime Lite Edition Installer (SFX) for Windows may allow escalation of privilege. Vulnerability Details: The Quartus Prime Standard Edition Installer (SFX) for Windows and the Quartus Prime Lite Edition Installer (SFX) for Windows are vulnerable to a binary planting attack. The Linux versions are not affected. Mitigations and Recommendations: Altera recommends using the Quartus 25.1 Standard Edition installer or later or the Quartus 25.1 Lite edition or later. For older Quartus Prime Standard and Lite versions, downloading the Individual installation files directly from the download page avoids the problem. Individual installer files are not affected. Description/CWE: CWE-427: Uncontrolled Search Path Element CVSS Base Score 6.7 Severity Medium CVSS Vector 3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Base Score 4.0: 5.4 Medium CVSS Vector 4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE ID: CVE-2025-14614 A potential security vulnerability in Quartus Prime Standard Edition Installer (SFX) for Windows and Quartus Prime Lite Edition Installer (SFX) for Windows may allow escalation of privilege. Vulnerability Details: The Quartus Prime Standard Edition Installer (SFX) for Windows and the Quartus Prime Lite Edition Installer (SFX) for Windows are vulnerable to a binary planting attack. The Linux versions are not affected. Mitigations and Recommendations: Altera recommends using the Quartus 25.1 Standard Edition installer or later or the Quartus 25.1 Lite edition or later. For older Quartus Prime Standard and Lite versions, downloading the Individual installation files directly from the download page avoids the problem. Individual installer files are not affected. Description/CWE: CWE-377: Insecure Temporary File CVSS Base Score 6.7 Severity Medium CVSS Vector 3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Base Score 4.0: 5.4 Medium CVSS Vector 4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE ID: CVE-2025-14625 A potential security vulnerability in Nios II Command Shell utility included in the Quartus Prime Standard Edition for Windows and may allow escalation of privilege. Vulnerability Details: The Nios II Command Shell utility included in the Quartus Prime Standard Edition for Windows and Quartus Prime Lite Edition for Windows is vulnerable to a Current Working Directory (CWD) planting attack. The Linux versions are not affected. Mitigations and Recommendations: Please follow the mitigation instructions on this knowledge base article or upgrade to Quartus 25.1 Standard Edition or later, or Quartus 25.1 Lite Edition or later. Description/CWE: CWE-427: Uncontrolled Search Path Element CVSS Base Score 6.7 Severity Medium CVSS Vector 3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Base Score 4.0: 5.4 Medium CVSS Vector 4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE Affected Products Affected Versions Fixed Version CVE-2025-14599 Quartus® Prime Standard Edition Installer (SFX) for Windows Quartus® Prime Lite Edition Installer (SFX) for Windows 23.1–24.1 25.1 CVE-2025-14614 Quartus® Prime Standard Edition Installer (SFX) for Windows Quartus® Prime Lite Edition Installer (SFX) for Window 23.1-24.1 25.1.1 CVE-2025-14625 Quartus® Prime Standard Edition Nios II Command Shell Quartus® Prime Lite Edition Nios II Command Shell 19.1-24.1 25.3 Revision History: Revision Date Affected Versions 1.1 1/30/2026 Add Mitigation recommendations for CVE-2025-14625 1.0 12/20/2025 Initial Release Quartus® Prime Standard and Quartus® Prime Lite Security AdvisoryASA-0005CVE ID: CVE-2025-14599A potential security vulnerability in Quartus Prime Standard Edition Installer (SFX) for Windows and… - 2026-03-10
external_document