CVE-2025-24990

HighCISA KEVActive Exploitation

Published: 14 October 2025

Published

14 October 2025

Modified

18 November 2025

KEV Added

14 October 2025

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0276 86.1th percentile

Risk Priority 37 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Security Summary

CVE-2025-24990 affects the third-party Agere Modem driver, specifically ltmdm64.sys, which ships natively with supported Windows operating systems. This vulnerability, associated with CWE-822 (Untrusted Pointer Dereference), has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Microsoft has announced the removal of the driver due to these issues, with the driver already excised in the October cumulative update.

A local attacker with low privileges can exploit the vulnerability through low-complexity means requiring no user interaction. Exploitation enables high-impact consequences on confidentiality, integrity, and availability, facilitating elevation of privilege on affected Windows systems.

Microsoft advisories state that the ltmdm64.sys driver has been removed via the October cumulative update, rendering dependent fax modem hardware non-functional on Windows. The company recommends eliminating any existing dependencies on this hardware. Additional guidance includes detection and mitigation scripts from Vicarius, with the vulnerability documented on MSRC and listed in CISA's Known Exploited Vulnerabilities Catalog.

The presence in CISA's KEV catalog indicates active real-world exploitation.

Details

CWE(s): CWE-822
KEV Date Added: 14 October 2025

Affected Products

microsoft

windows 10 1507

≤ 10.0.10240.21161

microsoft

windows 10 1607

≤ 10.0.14393.8519

microsoft

windows 10 1809

≤ 10.0.17763.7919

microsoft

windows 10 21h2

≤ 10.0.19044.6456

microsoft

windows 10 22h2

≤ 10.0.19045.6456

microsoft

windows 11 22h2

≤ 10.0.22621.6060

microsoft

windows 11 23h2

≤ 10.0.22631.6060

microsoft

windows 11 24h2

≤ 10.0.26100.6899

microsoft

windows 11 25h2

≤ 10.0.26200.6899

microsoft

windows server 2008

all versions, r2

+6 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The vulnerability enables local low-privileged attackers to achieve privilege escalation via exploitation of the vulnerable driver (CWE-822), directly mapping to T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24990
Vendor Advisory · secure@microsoft.com
https://www.vicarius.io/vsociety/posts/cve-2025-24990-detection-script-elevation-of-privilege-vulnerability-in-agere-modem-driver-affecting-windows
Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108
https://www.vicarius.io/vsociety/posts/cve-2025-24990-mitigation-script-elevation-of-privilege-vulnerability-in-agere-modem-driver-affecting-windows
Mitigation, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24990
US Government Resource · 134c704f-9b21-4f2e-91b3-4a467353bcc0