CVE-2025-24990
CISA KEV ActiveTitle: Microsoft Windows 10 22H2
Other
Proof Of Concept
PoC Available for CVE-2025-24990
CWE Category
CWE-822
Published Date
Oct 14, 2025
Modified Date
Nov 18, 2025
Exploit Status
Available
Score
7.8
CVSS v3.1
Exploit Probability (EPSS)
5.79%
Vulnerability Summary
CVE-2025-24990: Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.
Impacted Vendors
Reference Links
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24990
https://www.vicarius.io/vsociety/posts/cve-2025-24990-detection-script-elevation-of-privilege-vulnerability-in-agere-modem-driver-affecting-windows
https://www.vicarius.io/vsociety/posts/cve-2025-24990-mitigation-script-elevation-of-privilege-vulnerability-in-agere-modem-driver-affecting-windows
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24990
CVSS v3.1
Source Entity
[email protected]
Severity
HIGH
7.8
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2025-24990 Exploits & PoCs (Proof Of Concept)
GitHub
https://github.com/moiz-2x/CVE-2025-24990_POC
MODIFIED
Vulnerability data or affected products updated.
MODIFIED
Vulnerability data updated via NVD.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Stack
No specific products linked.