CVE-2025-24990

high

Description

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.

From the Tenable Blog

Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)

Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)

Published: 2025-10-14

Microsoft addresses 167 CVEs in its largest Patch Tuesday to date, including three zero-day vulnerabilities, two of which were exploited in the wild.

References

Advisories
Exploits

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24990

https://securityaffairs.com/183479/security/u-s-cisa-adds-skysea-client-view-rapid7-velociraptor-microsoft-windows-and-igel-os-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://www.securityweek.com/microsoft-patches-173-vulnerabilities-including-exploited-windows-flaws/

https://www.infosecurity-magazine.com/news/last-windows-10-patch-tuesday-six/

https://www.helpnetsecurity.com/2025/10/15/microsoft-patch-tuesday-zero-days-cve-2025-24990-cve-2025-59230-cve-2025-47827/

https://thehackernews.com/2025/10/two-new-windows-zero-days-exploited-in.html

https://www.cisa.gov/news-events/alerts/2025/10/14/cisa-adds-five-known-exploited-vulnerabilities-catalog

Details

Source: Mitre, NVD

Published: 2025-10-14

Updated: 2025-10-15

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.07264