{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14625", "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447", "state": "PUBLISHED", "assignerShortName": "Altera", "dateReserved": "2025-12-12T21:06:52.874Z", "datePublished": "2026-01-06T21:42:28.480Z", "dateUpdated": "2026-01-06T21:49:33.995Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Nios II Command Shell"], "platforms": ["Windows"], "product": "Quartus Prime Standard", "vendor": "Altera", "versions": [{"lessThanOrEqual": "24.1", "status": "affected", "version": "19.1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Nios II Command Shell"], "platforms": ["Windows"], "product": "Quartus Prime Lite", "vendor": "Altera", "versions": [{"lessThanOrEqual": "24.1", "status": "affected", "version": "19.1", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:altera:quartus_prime_standard:*:*:windows:*:*:*:*:*", "versionEndIncluding": "24.1", "versionStartIncluding": "19.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:altera:quartus_prime_lite:*:*:windows:*:*:*:*:*", "versionEndIncluding": "24.1", "versionStartIncluding": "19.1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.<p>This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1.</p>"}], "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1."}], "impacts": [{"capecId": "CAPEC-471", "descriptions": [{"lang": "en", "value": "CAPEC-471 Search Order Hijacking"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447", "shortName": "Altera", "dateUpdated": "2026-01-06T21:42:28.480Z"}, "references": [{"url": "https://www.altera.com/security/security-advisory/asa-0005"}], "source": {"discovery": "UNKNOWN"}, "title": "Quartus\u00ae Prime Standard and Quartus\u00ae Prime Lite Security Advisory", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-06T21:49:26.029382Z", "id": "CVE-2025-14625", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-06T21:49:33.995Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14625", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-06T21:49:26.029382Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-06T21:49:30.331Z"}}], "cna": {"title": "Quartus\u00ae Prime Standard and Quartus\u00ae Prime Lite Security Advisory", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-471", "descriptions": [{"lang": "en", "value": "CAPEC-471 Search Order Hijacking"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Altera", "modules": ["Nios II Command Shell"], "product": "Quartus Prime Standard", "versions": [{"status": "affected", "version": "19.1", "versionType": "custom", "lessThanOrEqual": "24.1"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Altera", "modules": ["Nios II Command Shell"], "product": "Quartus Prime Lite", "versions": [{"status": "affected", "version": "19.1", "versionType": "custom", "lessThanOrEqual": "24.1"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.altera.com/security/security-advisory/asa-0005"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1.", "supportingMedia": [{"type": "text/html", "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.<p>This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:altera:quartus_prime_standard:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "24.1", "versionStartIncluding": "19.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:altera:quartus_prime_lite:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "24.1", "versionStartIncluding": "19.1"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447", "shortName": "Altera", "dateUpdated": "2026-01-06T21:42:28.480Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14625", "state": "PUBLISHED", "dateUpdated": "2026-01-06T21:49:33.995Z", "dateReserved": "2025-12-12T21:06:52.874Z", "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447", "datePublished": "2026-01-06T21:42:28.480Z", "assignerShortName": "Altera"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:quartus_prime:*:*:*:*:lite:*:*:*", "matchCriteriaId": "79B62FFE-9FDE-4957-8BA3-B226E50B5989", "versionEndExcluding": "25.1", "versionStartIncluding": "19.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:quartus_prime:*:*:*:*:standard:*:*:*", "matchCriteriaId": "C81184B9-6426-4D39-8CCE-4045126738B2", "versionEndExcluding": "25.1", "versionStartIncluding": "19.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1."}], "id": "CVE-2025-14625", "lastModified": "2026-01-12T15:16:14.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "04c0172e-9735-4a9d-a92a-fe01fa863447", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "04c0172e-9735-4a9d-a92a-fe01fa863447", "type": "Secondary"}]}, "published": "2026-01-07T12:16:55.637", "references": [{"source": "04c0172e-9735-4a9d-a92a-fe01fa863447", "tags": ["Vendor Advisory"], "url": "https://www.altera.com/security/security-advisory/asa-0005"}], "sourceIdentifier": "04c0172e-9735-4a9d-a92a-fe01fa863447", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "04c0172e-9735-4a9d-a92a-fe01fa863447", "type": "Secondary"}]}

{}