{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-14625","assignerOrgId":"04c0172e-9735-4a9d-a92a-fe01fa863447","state":"PUBLISHED","assignerShortName":"Altera","dateReserved":"2025-12-12T21:06:52.874Z","datePublished":"2026-01-06T21:42:28.480Z","dateUpdated":"2026-01-28T22:28:10.748Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["Nios II Command Shell"],"platforms":["Windows"],"product":"Quartus Prime Standard","vendor":"Altera","versions":[{"lessThanOrEqual":"24.1","status":"affected","version":"19.1","versionType":"custom"}]},{"defaultStatus":"unaffected","modules":["Nios II Command Shell"],"platforms":["Windows"],"product":"Quartus Prime Lite","vendor":"Altera","versions":[{"lessThanOrEqual":"24.1","status":"affected","version":"19.1","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:altera:quartus_prime_standard:*:*:windows:*:*:*:*:*","versionEndIncluding":"24.1","versionStartIncluding":"19.1","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:altera:quartus_prime_lite:*:*:windows:*:*:*:*:*","versionEndIncluding":"24.1","versionStartIncluding":"19.1","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.<p>This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1.</p>"}],"value":"Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1."}],"impacts":[{"capecId":"CAPEC-471","descriptions":[{"lang":"en","value":"CAPEC-471 Search Order Hijacking"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"HIGH","attackRequirements":"PRESENT","attackVector":"LOCAL","baseScore":5.4,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-427","description":"CWE-427 Uncontrolled Search Path Element","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"04c0172e-9735-4a9d-a92a-fe01fa863447","shortName":"Altera","dateUpdated":"2026-01-28T22:28:10.748Z"},"references":[{"url":"https://www.altera.com/security/security-advisory/asa-0005"},{"url":"https://community.altera.com/kb/knowledge-base/how-to-mitigate-the-security-vulnerability-in-the-nios%C2%AE-ii-command-shell-utility/350185"}],"source":{"discovery":"UNKNOWN"},"title":"Quartus® Prime Standard and Quartus® Prime Lite Security Advisory","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-06T21:49:26.029382Z","id":"CVE-2025-14625","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-06T21:49:33.995Z"}}]}}