Primary

Context

Altera Quartus Prime Pro Uncontrolled Search Path Element Vulnerability Allowing Search Order Hijacking

Vulnerability

Patched

A vulnerability allowing search order hijacking has been identified in Altera Quartus Prime Pro Edition for Windows, specifically within the System Console utility. This vulnerability, categorized as an uncontrolled search path element issue, affects versions 17.0 through 25.1.1. The vulnerability arises from a current working directory planting attack, which could potentially lead to unauthorized privilege escalation.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation.

Remediation

Users are advised to upgrade to Quartus Prime Pro Edition 25.1.1 or later. For those using Quartus Prime Pro Edition Programmer and Tools, version 25.1.1 or later should be used.

Added: Jan 7, 2026, 2:04 AM

Updated: Jan 7, 2026, 2:04 AM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

10.0

exploitability

2.9

remediation

7.7

relevance

1.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

10.0

exploitability

2.9

remediation

7.7

relevance

1.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Altera Quartus Prime Pro Uncontrolled Search Path Element Vulnerability Allowing Search Order Hijacking

Vulnerability

Impact

Remediation

Affected Products

Altera Quartus Prime Pro

Altera Quartus Prime Pro Edition Programmer and Tools

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating