Altera Quartus Prime Pro Installer
Moderate fix2 remedies
cpe:2.3:a:intel:quartus_prime_pro:*:*:*:*:*:*:*
Moderate fix2 remedies
- >= 24.1, <= 25.1.1
Altera Quartus Prime Pro Installer Insecure Temporary File Vulnerability
Vulnerability
Patched
A vulnerability allowing the use of predictable file names in temporary files has been identified in the Altera Quartus Prime Pro Installer (SFX) for Windows. This issue affects versions 24.1 prior to 25.1.1 and can lead to a binary planting attack, where an attacker could potentially manipulate the installation process by placing malicious files in predictable locations.
Impact
Exploitation of this vulnerability could allow for a binary planting attack, where an attacker could place a malicious executable in a location that the installer would later execute, potentially leading to unauthorized code execution.
Remediation
Users are advised to upgrade to the Quartus 25.3 Pro Edition installer or later. For those using older versions of Quartus Prime Pro, downloading the individual installation files directly from the Altera download page will avoid this issue, as these files are not affected by the vulnerability.
Added: Jan 7, 2026, 2:04 AM
Updated: Jan 7, 2026, 2:04 AM
Vulnerability Rating
Custom Algorithm
spread
2.4impact
5.0exploitability
2.9remediation
7.7relevance
1.8threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.