Elevation of Privilege Vulnerability in Agere Modem Driver by Microsoft
CVE-2025-24990

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 25h2; Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation)
Vendor: CVE Published:; 14 October 2025

Badges

👾 Exploit Exists🟡 Public PoC🦅 CISA Reported📰 News Worthy

What is CVE-2025-24990?

A vulnerability exists in the Agere Modem driver included with Windows operating systems, related to its elevation of privilege capabilities. This vulnerability affects hardware dependent on the 'ltmdm64.sys' driver, which has been removed as part of the October cumulative update. As a result, fax modem hardware utilizing this driver will experience functionality loss. Microsoft advises users to eliminate any reliance on this hardware to ensure continued operation.

CISA has reported CVE-2025-24990

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-24990 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1507 x64-based Systems 10.0.10240.0 < 10.0.10240.21161

Windows 10 Version 1607 x64-based Systems 10.0.14393.0 < 10.0.14393.8519

Windows 10 Version 1809 x64-based Systems 10.0.17763.0 < 10.0.17763.7919

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-24990_POC
Created by moiz-2x