CVE-2025-24990: 
vulnerability analysis and mitigation

Microsoft Windows Agere Modem Driver (ltmdm64.sys) contains an untrusted pointer dereference vulnerability (CVE-2025-24990) that was discovered and disclosed in October 2025. The vulnerability affects all supported Windows operating systems that ship with the third-party Agere Modem driver natively. This critical security flaw has been confirmed to be actively exploited in the wild (NVD, Hacker News).

The vulnerability has been assigned a CVSSv3 score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is classified as an Untrusted Pointer Dereference vulnerability (CWE-822) that exists in the ltmdm64.sys driver. The vulnerability requires local access but low privileges to exploit, and no user interaction is needed for successful exploitation (NVD, Tenable).

Successful exploitation of this vulnerability allows an attacker with minimal privileges to elevate their access to administrator privileges on the affected system. The vulnerability affects all Windows systems with the Agere Modem driver installed, regardless of whether the associated hardware is present or in use (Hacker News).

Microsoft has chosen to remove the ltmdm64.sys driver entirely rather than patch the vulnerability. The driver has been removed in the October cumulative update. As a result, any fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware (NVD).

Security researchers have emphasized the severity of this vulnerability. Alex Vovk, CEO of Action1, described it as 'dangerous' due to its presence in legacy code installed by default. Adam Barnett from Rapid7 highlighted that the vulnerability affects all systems regardless of hardware configuration (Hacker News).