CVE-2025-14612 – This CVE describes an insecure temporary file v... (How to Fix)

Q: What is the severity of CVE-2025-14612?

CVE-2025-14612 has a CVSS score of 6.7 (MEDIUM). This CVE describes an insecure temporary file vulnerability in Altera Quartus Prime Pro Installer on Windows where predictable file names are used. Attackers can exploit this to overwrite or manipulate temporary files, potentially leading to privilege escalation or arbitrary code execution. This affects Quartus Prime Pro versions 24.1 through 25.1.1.

📋 TL;DR

This CVE describes an insecure temporary file vulnerability in Altera Quartus Prime Pro Installer on Windows where predictable file names are used. Attackers can exploit this to overwrite or manipulate temporary files, potentially leading to privilege escalation or arbitrary code execution. This affects Quartus Prime Pro versions 24.1 through 25.1.1.

💻 Affected Systems

Products:

Altera Quartus Prime Pro Installer (SFX)

Versions: 24.1 through 25.1.1

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the Windows installer component; requires local access to the system.

📦 What is this software?

Quartus Prime by Intel

View all CVEs affecting Quartus Prime →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains SYSTEM privileges or executes arbitrary code with elevated permissions through file manipulation.

🟠

Likely Case

Local user with limited privileges escalates to administrator rights or disrupts installation processes.

🟢

If Mitigated

Attack fails due to proper file permissions or security software blocking suspicious file operations.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the target system.

🏢 Internal Only: MEDIUM - Internal users with local access could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access and knowledge of predictable file naming patterns used by the installer.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.1.2 or later

Vendor Advisory: https://www.altera.com/security/security-advisory/asa-0004

Restart Required: Yes

Instructions:

1. Download Quartus Prime Pro version 25.1.2 or later from Intel/Altera website. 2. Uninstall affected versions. 3. Install patched version. 4. Restart system.

🔧 Temporary Workarounds

Restrict installer permissions

windows

Limit who can run the Quartus installer and ensure it runs with minimal necessary privileges.

Monitor temporary directories

windows

Implement file system monitoring on temporary directories used by Quartus installer.

🧯 If You Can't Patch

Restrict local access to systems running Quartus Prime Pro to trusted users only.
Implement application whitelisting to prevent unauthorized installer execution.

🔍 How to Verify

Check if Vulnerable:

Check Quartus Prime Pro version via Help > About in the application or examine installed programs in Windows Control Panel.

Check Version:

wmic product where "name like '%Quartus%'" get version

Verify Fix Applied:

Confirm installed version is 25.1.2 or later and check vendor advisory for specific fix verification steps.

📡 Detection & Monitoring

Log Indicators:

Unusual file creation/deletion in temporary directories during Quartus installation
Failed privilege escalation attempts

Network Indicators:

None - this is a local vulnerability

SIEM Query:

EventID=4688 AND ProcessName LIKE '%quartus%' AND CommandLine LIKE '%temp%'

📊 Metadata

CVE ID: CVE-2025-14612

CVSS v3 Score: 6.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-377

EPSS Score: 0.02% exploit probability (2.8th percentile)

Published: January 7, 2026

Last Updated: January 12, 2026

🔗 References

https://www.altera.com/security/security-advisory/asa-0004 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14612, you might also want to check these: