CVE-2025-24990

HIGH KEV

Agere Modem - Info Disclosure

Title source: llm

Description

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.

Exploits (1)

github WORKING POC 55 stars

by moiz-2x · clocal

https://github.com/moiz-2x/CVE-2025-24990_POC

View Code ZIP pw:eip

References (4)

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24990

[Third Party Advisory] https://www.vicarius.io/vsociety/posts/cve-2025-24990-detection-script-elevation-of-privilege-vulnerability-in-agere-modem-driver-affecting-windows

[Mitigation, Third Party Advisory] https://www.vicarius.io/vsociety/posts/cve-2025-24990-mitigation-script-elevation-of-privilege-vulnerability-in-agere-modem-driver-affecting-windows

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24990

Scores

CVSS v3 7.8

EPSS 0.0276

EPSS Percentile 86.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-10-14

VulnCheck KEV 2025-10-14

ENISA EUVD EUVD-2025-34257

CWE

CWE-822

Status published

Products (18)

microsoft/windows_10_1507 < 10.0.10240.21161

microsoft/windows_10_1607 < 10.0.14393.8519

microsoft/windows_10_1809 < 10.0.17763.7919

microsoft/windows_10_21h2 < 10.0.19044.6456

microsoft/windows_10_22h2 < 10.0.19045.6456

microsoft/windows_11_22h2 < 10.0.22621.6060

microsoft/windows_11_23h2 < 10.0.22631.6060

microsoft/windows_11_24h2 < 10.0.26100.6899

microsoft/windows_11_25h2 < 10.0.26200.6899

microsoft/windows_server_2008

... and 8 more

Published Oct 14, 2025

KEV Added Oct 14, 2025

Tracked Since Feb 18, 2026