PSIRT Advisory ASA-0003 - High Level Synthesis Compiler

Security Advisory ASA-0003

A potential security vulnerability in High Level Synthesis Compiler Software may allow escalation of privilege.

CVE ID: CVE-2025-13669

Vulnerability Details: A Current Working Directory (CWD) DLL planting vulnerability exists in a batch file in a design example.

Mitigations and Recommendations: Altera recommends replacing the build.bat with the file located here. This is a Windows issue. The Linux version is not affected.

Description/CWE: CWE-427: Uncontrolled Search Path Element

CVSS Base Score: 6.7
Severity: Medium
CVSS Vector 3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS Base Score 4.0: 5.4 Medium
CVSS Vector 4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE ID: CVE-2025-13670

Vulnerability Details: The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability. The Linux version is not affected.

Mitigations and Recommendations: To mitigate the issue, Altera recommends restricting write access to the directory "C:\quartus\bin64" to system administrators only.

Description/CWE: CWE-427: Uncontrolled Search Path Element

CVSS Base Score: 6.7
Severity: Medium
CVSS Vector 3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS Base Score 4.0: 5.4 Medium
CVSS Vector 4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

| CVE | Affected Products | Affected Versions | Fixed Version |
| CVE-2025-13669 | High Level Synthesis Compiler | Up to 24.3 | N/A |
| CVE-2025-13670 | High Level Synthesis Compiler | Up to 24.3 | N/A |

Acknowledgements: Altera would like to thank ycdxsb for reporting these issues.

Revision History:

| Revision | Date | Affected Versions |
| 1.0 | 05/13/2025 | Initial Release |
| 1.1 | 12/20/2025 | Add CVE Numbers |

Stay informed with Altera’s Product Security Incident Response Team (PSIRT) advisories, including disclosures, mitigations, and security updates. - 2026-03-10
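One way to check the CVE-2025-13670 mitigation on a workstation, as an added example that is not part of the Altera advisory: the script lists every Allow entry on the directory's ACL that lets a non-administrator create, replace or re-permission files there. The function name Get-UntrustedWriteAce is hypothetical, and treating only BUILTIN\Administrators and SYSTEM as trusted is an assumption about what "system administrators only" means on your hosts.

```powershell
# Added example: audit write access to the HLS compiler binary directory.
# Default path is the one named in the advisory; pass -Path for other installs.
param([string]$Path = 'C:\quartus\bin64')

function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$Path)

    # Assumption: only these well-known SIDs count as "system administrators".
    $trustedSids = @('S-1-5-32-544',   # BUILTIN\Administrators
                     'S-1-5-18')       # NT AUTHORITY\SYSTEM

    # Rights that allow dropping or swapping a DLL, or loosening the ACL later.
    $writeRights = [System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear on inherit-only ACEs.
    $mask = [int]$writeRights -bor 0x50000000

    $acl     = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]

    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($trustedSids -contains $sid) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }

        # Resolve the SID to a name for the report; keep the raw SID if that fails.
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }

        [pscustomobject]@{
            Identity    = $name
            Rights      = $ace.FileSystemRights
            Inherited   = $ace.IsInherited
            Inheritance = $ace.InheritanceFlags
            Propagation = $ace.PropagationFlags
        }
    }
}

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    Write-Error "Directory not found: $Path"
    exit 2
}

$findings = @(Get-UntrustedWriteAce -Path $Path)
if ($findings.Count -eq 0) {
    "OK: no write-capable ACEs for untrusted principals on $Path"
} else {
    "FAIL: $($findings.Count) ACE(s) on $Path grant write access outside the trusted list"
    $findings | Format-Table -AutoSize
    exit 1
}
```

Entries reported with Inherited set to True come from a parent folder, so removing them means disabling inheritance on the directory or fixing the parent ACL.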