Uncontrolled Search Path Element vulnerability in Altera... · CVE-2025-14605 · GitHub Advisory Database · GitHub

Uncontrolled Search Path Element vulnerability in Altera...

Moderate severity Unreviewed Published Jan 7, 2026 to the GitHub Advisory Database • Updated Jan 7, 2026

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.

References

Published by the National Vulnerability Database

Jan 7, 2026

Published to the GitHub Advisory Database Jan 7, 2026

Last updated Jan 7, 2026

Severity

Moderate

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Local

Attack Complexity High

Attack Requirements Present

Privileges Required Low

User interaction Active

Vulnerable System Impact Metrics

Confidentiality High

Integrity High

Availability High

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X