CVE-2025-24990
Published Oct 14, 2025
Last updated 7 months ago
AI description
CVE-2025-24990 refers to vulnerabilities found in the third-party Agere Modem driver (specifically ltmdm64.sys) that is included in Windows operating systems. The vulnerability is due to an untrusted pointer dereference. Microsoft is aware of the vulnerabilities and has removed the ltmdm64.sys driver in the October cumulative update. As a result, fax modem hardware that relies on this driver will no longer function on Windows. It has been recommended to remove any existing dependencies on this hardware.
- Description
- Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Untrusted Pointer Dereference Vulnerability
- Exploit added on
- Oct 14, 2025
- Exploit action due
- Nov 4, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-822
- Hype score
- Not currently trending
Last October, Microsoft did something rare: instead of patching a bug, they deleted the driver. CVE-2025-24990 was a kernel EoP in a 56K-modem driver Windows had shipped for two decades — exploited in the wild against an install base of essentially nobody.
@DailyCVEBrief
21 May 2026
262 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft is patching actively exploited vulnerabilities in Windows 10, such as vulnerability (CVE-2025-24990), which threat actors are exploiting to gain administrative privileges. This puts unpatched systems at risk of malware installation and complete system compromise.
@cybernewslive
9 Nov 2025
74 Impressions
1 Retweet
0 Likes
0 Bookmarks
2 Replies
0 Quotes
“Windows”da boşluqlar (CVE-2025-24990, CVE-2025-59230) aşkar olunub. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/pjHqrLsSKY
@CERTAzerbaijan
5 Nov 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL: ngCERT cautions on active exploitation of Zero-Day vulnerabilities in Windows Remote Access Connection Manager (Rasman) and Windows Agere Modern Driver services dubbed (CVE-2025-59230 and CVE-2025-24990) Visit our website for more info: https://t.co/1vOpg4nH93 https://
@ngCERTofficial
3 Nov 2025
109 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24990-Universal Windows Agere Driver privilege escalation; affects every Windows version; SYSTEM access - CyberDudeBivash PostMortem Report Read the full report on - https://t.co/xVy8KH9eHM https://t.co/zjbWl50Q4l
@cyberbivash
2 Nov 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24990
@transilienceai
1 Nov 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft stopped support #Windows10 on 14 Oct. No more official security patches/bug fixes/tech support Attackers quickly targeting unpatched devices. Exploits (CVE-2025-24990: modem driver & CVE-2025-59230: RasMan service) have seen attacks in the last few weeks #CyberSecu
@a_data_0
26 Oct 2025
101 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Mantap alertnya, @Huntio ! Dua zero-day Windows baru dieksploit di alam liar: CVE-2025-24990 (eskalasi privilege di driver Agere modem) & CVE-2025-59230 (flaw di Remote Access Connection Manager). Komponen usang pun jadi sasaran empuk hacker! Segera patch, monitor driver
@BJORKANISM_REAL
25 Oct 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Two New Windows Zero-Days Exploited in the Wild https://t.co/McHJNHNkOw Microsoft has confirmed two actively exploited zero-day vulnerabilities: CVE-2025-24990 (a privilege escalation in the Agere modem driver present in all Windows versions) and CVE-2025-59230 (an
@Huntio
24 Oct 2025
9867 Impressions
46 Retweets
147 Likes
71 Bookmarks
0 Replies
3 Quotes
🚨 CISO Threat Brief - Oct 22, 2025 CRITICAL ALERTS: 🔴 Microsoft Zero-Days (2 exploited): • CVE-2025-24990: Windows Modem Driver privesc • CVE-2025-59230: RasMan privesc Patch NOW - 172 vulns total in Oct PT 🔴 CISA KEV (Due Nov 10): • CVE-2025-61884: Oracle EBS SS
@drbinaryai
23 Oct 2025
84 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
3/ 🧨 The second threat, CVE-2025-24990, hides inside legacy modem drivers — installed by default on every Windows system. Yes, even if you’ve never used that hardware. Microsoft has removed the driver entirely to stop the attack chain.
@FaheemkAnsari
21 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Actualizaciones mensuales de Microsoft ❗CVE-2025-24052 ❗CVE-2025-24990 ❗CVE-2025-25004 ➡️Más info: https://t.co/fWnBRXVugA https://t.co/89bv5HrLRh
@CERTpy
20 Oct 2025
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/yCYMV07qCu https://t.co/m5TH6AZFMM
@dansantanna
20 Oct 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/T6PRIRimG1 https://t.co/zFpHYQTyFj
@secured_cyber
19 Oct 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Patch Tuesday brings 175 new CVEs, incl. 8 crit & 6 zero-days. Key alerts: CVE-2025-24990 (Agere Modem Driver), CVE-2025-59230 (RASMAN), and CVE-2025-59287 (WSUS). Watch out for the Cisco IOS/IOS XE SNMP vuln. https://t.co/3eV9FdZgfh #CyberSecurity #PatchTuesday #Infosec
@pinholedawn
18 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft has released its October 2025 Patch Tuesday security updates, addressing a total of 172 vulnerabilities across various Windows components and related products. This includes fixes for six zero-day vulnerabilities, two of which were actively exploited (CVE-2025-24990 and
@xiParas
18 Oct 2025
127 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/JHvJE2PMei https://t.co/GECC2G5FlR
@IT_Peurico
17 Oct 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📰 This week’s cybersecurity recap highlights the Verisure partner data breach affecting 35,000 customers, the Envoy Air Oracle-linked hack targeting aviation systems, and Microsoft’s patch for a legacy modem driver flaw (CVE-2025-24990). Stay informed and stay secure. http
@ThreatHunter_AI
17 Oct 2025
112 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Actualizaciones mensuales de Microsoft ❗CVE-2025-24052 ❗CVE-2025-24990 ❗CVE-2025-25004 ➡️Más info: https://t.co/cswO0I52TG https://t.co/TBULEaiuRz
@CERTpy
17 Oct 2025
112 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/uRZdnuzhEC https://t.co/ZAFQu8uEBB
@pcasano
17 Oct 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆: 𝗢𝗰𝘁𝗼𝗯𝗲𝗿 𝟮𝟬𝟮𝟱 𝗛𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀 𝗬𝗼𝘂 𝗦𝗵𝗼𝘂𝗹𝗱𝗻’𝘁 𝗠𝗶𝘀𝘀 ▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-day
@Action1corp
17 Oct 2025
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
For CVE-2025-24990 (ltmdm64.sys driver), could use a sanity check from someone much better than me at this, but I think the vulnerability lies in its call to RtlQueryRegistryValues? The QueryTable flags parameter to this function is set to 0x24; based on the values in wdm.h (1/X)
@_misthi0s
16 Oct 2025
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/0YDBcVkBwO https://t.co/wYyzn9LxGI
@Trej0Jass
15 Oct 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Active Windows Agere Modem Driver Zero-Day Under Attack A zero-day flaw in Windows Agere Modem driver (CVE-2025-24052, CVE-2025-24990) is actively exploited for privilege escalation, enabling low-privileged users to gain full control without interaction. Microsoft released an ht
@Secwiserapp
15 Oct 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/n9sOK0EYIX https://t.co/Yey6F3y5ox
@ggrubamn
15 Oct 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/2oZtpYVPec https://t.co/nYQsIPcZam
@EAlexStark
15 Oct 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Two New #Windows Zero-Days Exploited! ⚠️ One affects every version ever shipped. 🛑 CVE-2025-24990 – Agere Modem Driver Privilege Escalation 🛑 CVE-2025-59230 – RasMan Elevation of Privilege 🔒 Patch now or risk full system compromise. 👉 https://t.co/N4SzKS
@vulert_official
15 Oct 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠ Microsoft patches two Windows zero-days exploited in the wild: CVE-2025-24990 (Agere ltmdm64.sys) & CVE-2025-59230 (RasMan LPE). Patch immediately, hunt for ltmdm64.sys, and follow CISA KEV guidance. #Windows #ZeroDay #InfoSec
@Wh1teCoon
15 Oct 2025
181 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/bEKrYT5wgA https://t.co/vrxgZ3r0mN
@valterpcjr
15 Oct 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24990 and CVE-2025-59230 active Windows zero days. IGEL Secure Boot bypass. All on CISA KEL. Fix by Nov 4. #Cybersecurity #WindowsZeroDay #ExploitAnalysis #PrivilegeEscalation #RasMan #SecureBootBypass #ThreatHunting #CISA #VulnerabilityResearch #IncidentResponse https:/
@CloneSystemsInc
15 Oct 2025
100 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/UlgXlDxVGu https://t.co/bVFINgfxhZ
@Art_Capella
15 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ @Microsoft “End of 10” Patch Tuesday lands with 172 fixes - including 2 exploited zero-days. This marks the final updates for #Windows10. • CVE-2025-24990 – Agere Modem driver flaw (removed entirely) • CVE-2025-59230 – RasMan exploited zero-day • CVE-2025-5
@TechNadu
15 Oct 2025
240 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Patch Tuesday Fixes 175 Flaws, 2 Zero-Days Actively Exploited Microsoft fixed 175 vulnerabilities, including two actively exploited zero-days (CVE-2025-24990 and CVE-2025-59230) with CVSS 7.8. CISA added them to its exploited list. The Agere Modem driver was removed, h
@Secwiserapp
14 Oct 2025
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24990 Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of … https://t.co/h0q9bdI8j9
@CVEnew
14 Oct 2025
343 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
**CVE-2025-24990** pertains to a security issue involving the **ltmdm64.sys** driver, a third-party Agere Modem driver that ships natively with certain Windows operating systems. Microsoft has announced the removal of this driver in the October cumulative update, citing security
@CveTodo
14 Oct 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
𝗧𝗼𝗱𝗮𝘆'𝘀 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆 𝗼𝘃𝗲𝗿𝘃𝗶𝗲𝘄: ▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-days (CVE-2025-59230, CVE-2025-47827 and CVE-2025-24990) and three with PoC (CVE-2025-2884, CVE-2
@Action1corp
14 Oct 2025
128 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8EA6DE31-A17D-43D4-9154-49B5FA8FB5A6",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B5441F68-143C-4091-B709-14CAC586DF76",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EF253003-2A82-4CFB-A6A3-267B3C485056",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "85672C76-ADAD-468B-8C20-8A3587DA008A",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4A557865-B254-47F6-953B-340EF93FDB2B",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A7382D6B-5E7D-4769-BC40-0120F08DC6B1",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]