PT-2025-6196 · Mentor Graphics · Questa+1

Ycdxsb · Published 2025-02-11 · Updated 2025-02-11 · CVE-2024-53977

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ModelSim versions prior to V2025.1; Questa versions prior to V2025.1
Description: A vulnerability has been identified that allows an authenticated local attacker to inject arbitrary code and escalate privileges. This is possible because an example setup script contained in affected applications loads a specific executable file from the current working directory. If administrators or processes with elevated privileges launch the script from a user-writable directory, the attacker could exploit this issue.
Recommendations: For ModelSim versions prior to V2025.1, update to version V2025.1 or later to resolve the issue. For Questa versions prior to V2025.1, update to version V2025.1 or later to resolve the issue. As a temporary workaround, consider restricting the launch of the setup script from user-writable directories to minimize the risk of exploitation.
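
The temporary workaround above can be enforced with a pre-launch check of the working directory. The following is an added example, not code from the vendor or from this advisory; it assumes a POSIX host and that only root-owned directories are trusted, and the names `plantable` and `audit_launch_dir` are hypothetical.

```python
import os
import stat
import sys

TRUSTED_UIDS = {0}  # assumption: only root-owned directories are trusted


def plantable(mode, uid, trusted_uids, is_cwd):
    """Return a reason string if an unprivileged user could place a file
    in (or swap out) this directory, else None."""
    if uid not in trusted_uids:
        return "owned by untrusted uid %d" % uid
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        # The sticky bit stops renaming other users' entries, which protects
        # an ancestor, but it does not stop creating new files in the cwd.
        if is_cwd or not mode & stat.S_ISVTX:
            return "group/world-writable (mode %o)" % stat.S_IMODE(mode)
    return None


def audit_launch_dir(path, trusted_uids=TRUSTED_UIDS):
    """Check path and every ancestor; return a list of (dir, reason)."""
    findings = []
    current = os.path.realpath(path)  # resolve symlinks before checking
    is_cwd = True
    while True:
        st = os.stat(current)
        reason = plantable(st.st_mode, st.st_uid, trusted_uids, is_cwd)
        if reason:
            findings.append((current, reason))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current, is_cwd = parent, False


if __name__ == "__main__":
    # Run from the directory the setup script would be launched in.
    problems = audit_launch_dir(os.getcwd())
    for directory, reason in problems:
        print("refusing to launch: %s is %s" % (directory, reason),
              file=sys.stderr)
    sys.exit(1 if problems else 0)
```

A privileged wrapper can run this first and start the setup script only when the exit status is 0.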

Fix · LPE

Weakness Enumeration: Uncontrolled Search Path Element

Related Identifiers: CVE-2024-53977

Affected Products: ModelSim, Questa