CVE-2025-24990

HIGH KEV

Windows Agere Modem Driver - Untrusted Pointer Dereference

Title source: llm

Exploitation Summary

CVE-2025-24990 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 14, 2025. EIP tracks 1 public exploit from researchers including moiz-2x.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-24990, targeting the Windows Agere Modem Driver (`ltmdm64.sys`). The exploit leverages multiple IOCTL vulnerabilities, including arbitrary write, arbitrary decrement, and arbitrary read primitives, to achieve privilege escalation in a BYOVD (Bring Your Own Vulnerable Driver) scenario.

Description

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.

Exploits (1)

github WORKING POC 55 stars

by moiz-2x · clocal

https://github.com/moiz-2x/CVE-2025-24990_POC

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-24990, targeting the Windows Agere Modem Driver (`ltmdm64.sys`). The exploit leverages multiple IOCTL vulnerabilities, including arbitrary write, arbitrary decrement, and arbitrary read primitives, to achieve privilege escalation in a BYOVD (Bring Your Own Vulnerable Driver) scenario.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Windows Agere Modem Driver (ltmdm64.sys)

Auth required

Prerequisites: Administrative privileges to load the vulnerable driver · Windows system with the vulnerable driver present

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory

https://www.vicarius.io/vsociety/posts/cve-2025-24990-detection-script-elevation-of-privilege-vulnerability-in-agere-modem-driver-affecting-windows

Mitigation, Third Party Advisory

https://www.vicarius.io/vsociety/posts/cve-2025-24990-mitigation-script-elevation-of-privilege-vulnerability-in-agere-modem-driver-affecting-windows

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24990

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24990

Scores

CVSS v3 7.8

EPSS 0.0276

EPSS Percentile 86.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2025-10-14

VulnCheck KEV 2025-10-14

ENISA EUVD EUVD-2025-34257

CWE

CWE-822

Status published

Products (18)

microsoft/windows_10_1507 < 10.0.10240.21161

microsoft/windows_10_1607 < 10.0.14393.8519

microsoft/windows_10_1809 < 10.0.17763.7919

microsoft/windows_10_21h2 < 10.0.19044.6456

microsoft/windows_10_22h2 < 10.0.19045.6456

microsoft/windows_11_22h2 < 10.0.22621.6060

microsoft/windows_11_23h2 < 10.0.22631.6060

microsoft/windows_11_24h2 < 10.0.26100.6899

microsoft/windows_11_25h2 < 10.0.26200.6899

microsoft/windows_server_2008

... and 8 more

Published Oct 14, 2025

KEV Added Oct 14, 2025

Tracked Since Feb 18, 2026