CVE-2025-24990 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-10-14

Added to CISA KEV: 2025-10-14 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Apply October 2025 cumulative updates immediately to remove the vulnerable ltmdm64.sys driver
Monitor for unusual privilege escalation activities or unauthorized administrative access
Remove dependencies on legacy fax modem hardware as Microsoft has permanently removed driver support
HIGH priority patching due to active exploitation and kernel-level impact

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-24990 is a critical security vulnerability involving the third-party Agere modem driver that was natively included in supported Windows operating systems ^[3]?id=CVE-2025-24990?kagi_q=CVE-2025-24990+details+exploitation+impact+affected+versions.

Below is a summary of the known details regarding this vulnerability:

Exploitation and Threat Actor Usage

Active Exploitation: The vulnerability was identified as being exploited in the wild ^[1]. It was notably categorized as a "zero-day" vulnerability at the time of its disclosure in October 2025 ^[2].
Targeted Attacks/Ransomware: While it was confirmed to be exploited in real-world attacks, specific details linking it to widespread ransomware campaigns or specific threat actor groups were not widely publicized in general security reporting at the time of disclosure.

Attack Method and Impact

Impact: Successful exploitation of this vulnerability allows for privilege escalation ^[1].
Requirements: As a driver-level vulnerability, it typically requires local access to the system to be triggered. Further technical details regarding the necessity of user interaction or specific network conditions were generally addressed through the removal of the driver rather than public disclosure of a complex exploit chain.

Affected Products and Mitigation

Affected Versions: The vulnerability affected all supported Windows operating systems that included the native Agere modem driver ^[1].
Patch/Mitigation Status: Microsoft addressed this issue by releasing security updates on October 14, 2025 ^[2]. The primary mitigation provided by Microsoft was the removal of the vulnerable driver via these updates ^[1].

Users are advised to ensure their Windows systems are fully patched to the latest available versions to ensure the driver has been removed and the vulnerability is mitigated.

Sources

CVE-2025-24990 - Exploits & Severity - Feedly
A critical Windows vulnerability (CVE-2025-24990) in the Agere modem driver enables privilege escalation; Microsoft has removed the driver via updates, but exploitation exists, affecting all supported Windows versions. ... A critical Windows vulnerability (CVE-2025-24990) in the Agere modem driver e…
CVE-2025-59290 - Exploits & Severity - Feedly
There is no evidence of proof of exploitation at the moment. Patch. A security update is available, with patches released on 2025-10-14 for affected Windows versions. Mitigation.其中包括3个零日漏洞（CVE-2025-24990、CVE-2025-59230、CVE-2025-24052），可能导致权限提升或远程代码执行。建议用户尽快安装补丁进行防护。…
CVE-2025-24990 Detail - NVD
Description. Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. ... Secure .gov websites use HTTPS A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on offic…