CVE-2025-24990

Name of the Vulnerable Software and Affected Versions Windows Agere Modem Driver (ltmdm64.sys) versions prior to the October 2025 cumulative update

Description The Agere Modem Driver, a component used for dial-up or fax connections in Windows, contains a flaw related to the handling of untrusted pointers. Successful exploitation of this issue allows a local attacker to gain administrative privileges. A proof-of-concept exploit has been publicly released, and active exploitation has been observed. The driver has been removed in the October 2025 cumulative update. The vulnerability exists due to improper handling of user-mode to kernel-mode transitions, specifically within the RtlQueryRegistryValues function and related IOCTL handlers that use METHOD NEITHER without proper pointer validation. This allows for arbitrary memory read and write operations in kernel space. Approximately 33 articles have been published about this vulnerability from various internet sources, indicating widespread attention.

Recommendations Install the October 2025 cumulative update to remove the vulnerable driver. Remove any existing dependencies on fax modem hardware that relies on this driver. As a temporary workaround, consider disabling or uninstalling the Agere Modem Driver (ltmdm64.sys) if it is not required.