CVE-2025-24990 | THREATINT

Description

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.

PUBLISHED Reserved 2025-01-30 | Published 2025-10-14 | Updated 2025-10-15 | Assigner microsoft

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CISA Known Exploited Vulnerability

Date added 2025-10-14 | Due date 2025-11-04

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-822: Untrusted Pointer Dereference

Product status

10.0.26200.0 before 10.0.26200.6899

affected

10.0.17763.0 before 10.0.17763.7919

affected

10.0.17763.0 before 10.0.17763.7919

affected

10.0.17763.0 before 10.0.17763.7919

affected

10.0.20348.0 before 10.0.20348.4294

affected

10.0.19044.0 before 10.0.19044.6456

affected

10.0.22621.0 before 10.0.22621.6060

affected

10.0.19045.0 before 10.0.19045.6456

affected

10.0.26100.0 before 10.0.26100.6899

affected

10.0.22631.0 before 10.0.22631.6060

affected

10.0.25398.0 before 10.0.25398.1913

affected

10.0.26100.0 before 10.0.26100.6899

affected

10.0.26100.0 before 10.0.26100.6899

affected

10.0.10240.0 before 10.0.10240.21161

affected

10.0.14393.0 before 10.0.14393.8519

affected

10.0.14393.0 before 10.0.14393.8519

affected

10.0.14393.0 before 10.0.14393.8519

affected

6.0.6003.0 before 6.0.6003.23571

affected

6.0.6003.0 before 6.0.6003.23571

affected

6.1.7601.0 before 6.1.7601.27974

affected

6.1.7601.0 before 6.1.7601.27974

affected

6.2.9200.0 before 6.2.9200.25722

affected

6.2.9200.0 before 6.2.9200.25722

affected

6.3.9600.0 before 6.3.9600.22824

affected

6.3.9600.0 before 6.3.9600.22824

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24990 (Windows Agere Modem Driver Elevation of Privilege Vulnerability) vendor-advisory

cve.org (CVE-2025-24990)

nvd.nist.gov (CVE-2025-24990)

Download JSON