Elevation of Privilege Vulnerability in Agere Modem Driver by Microsoft
CVE-2025-24990

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 25h2; Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation)
Vendor: CVE Published:; 14 October 2025

Badges

📈 Score: 1,300👾 Exploit Exists🟡 Public PoC🦅 CISA Reported📰 News Worthy

What is CVE-2025-24990?

CVE-2025-24990 is an elevation of privilege vulnerability associated with the Agere Modem driver that is included with Microsoft Windows operating systems. This driver facilitates communication between the operating system and fax modem hardware, enabling users to send and receive faxes directly from their machines. The identified vulnerability may allow malicious actors to exploit this driver, potentially gaining unauthorized access to system resources and elevated privileges. As a result, this vulnerability poses a significant risk to organizations as it could lead to unauthorized modifications to system configurations, data exfiltration, or further exploitation of networked environments. The proactive decision by Microsoft to remove the ltmdm64.sys driver in a cumulative update underscores the critical nature of this issue and reflects the potential operational impact on businesses reliant on fax modem functionality.

Potential impact of CVE-2025-24990

Unauthorized System Access: The elevation of privilege vulnerability in the Agere Modem driver could enable attackers to gain elevated rights on affected systems, which may lead to unauthorized access to sensitive information and critical infrastructure.
Operational Disruption: The removal of the ltmdm64.sys driver in the October cumulative update will render dependent fax modem hardware non-functional on Windows systems. This could disrupt business operations that rely on fax communications, leading to productivity losses.
Increased Vulnerability to Exploitation: The potential for exploitation of this vulnerability in conjunction with the removal of critical driver support heightens the risks within organizational IT environments, as unpatched systems could become targets for further attacks while organizations scramble to adjust their hardware solutions.

CISA has reported CVE-2025-24990

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-24990 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1507 x64-based Systems 10.0.10240.0 < 10.0.10240.21161

Windows 10 Version 1607 x64-based Systems 10.0.14393.0 < 10.0.14393.8519

Windows 10 Version 1809 x64-based Systems 10.0.17763.0 < 10.0.17763.7919

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-24990_POC
Created by moiz-2x