CVE-2025-24052: CWE-121: Stack-based Buffer Overflow in Microsoft Windows 10 Version 1507
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.
AI Analysis
Technical Summary
CVE-2025-24052 is a stack-based buffer overflow vulnerability classified under CWE-121 found in the Agere Modem driver (ltmdm64.sys) that was included by default in Windows 10 Version 1507 (build 10.0.10240.0). The vulnerability arises from improper handling of input data within the driver, leading to a buffer overflow condition on the stack. This flaw can be exploited by a local attacker with low privileges to execute arbitrary code with elevated privileges, potentially compromising system confidentiality, integrity, and availability. The attack vector requires local access but does not require user interaction, and the complexity of the attack is low, making exploitation feasible in environments where the vulnerable driver is present. Microsoft has acknowledged the issue and removed the vulnerable driver in the October 2025 cumulative update, effectively mitigating the vulnerability by eliminating the attack surface. However, this removal also means that fax modem hardware relying on this driver will no longer function on affected Windows versions, necessitating hardware or software changes for affected users. No public exploits have been reported yet, but the vulnerability’s characteristics and high CVSS score (7.8) indicate a significant risk if exploited. The vulnerability is limited to an older Windows 10 version, which may still be operational in some legacy or specialized environments.
Potential Impact
The vulnerability allows local attackers to gain elevated privileges and execute arbitrary code, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, modification or deletion of critical system files, and disruption of system availability. Organizations using Windows 10 Version 1507 with the Agere Modem driver are at risk of targeted attacks, especially in environments where local access is possible, such as shared workstations or multi-user systems. The removal of the driver also impacts operational continuity for organizations relying on fax modem hardware, potentially disrupting business processes that depend on fax communications. Although no known exploits are currently in the wild, the vulnerability’s ease of exploitation and high impact make it a critical concern for affected systems. Legacy systems that have not been updated or patched remain vulnerable, increasing the risk of exploitation in environments with lax update policies or specialized hardware dependencies.
Mitigation Recommendations
Organizations should immediately apply the October 2025 cumulative update that removes the vulnerable ltmdm64.sys driver from Windows 10 Version 1507 systems. For environments still using fax modem hardware dependent on this driver, it is critical to plan for hardware upgrades or transition to alternative communication methods to avoid operational disruption. Systems running Windows 10 Version 1507 should be upgraded to a more recent and supported Windows version to reduce exposure to this and other vulnerabilities. Restrict local access to affected systems through strict access controls and monitoring to reduce the risk of exploitation. Implement endpoint detection and response (EDR) solutions to detect anomalous behavior indicative of exploitation attempts. Regularly audit and remove legacy hardware dependencies to minimize attack surfaces. Finally, maintain a robust patch management process to ensure timely application of security updates.
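To confirm on a given host that the driver is actually gone after the update, and to find modem hardware that still depends on it, a read-only audit like the following can be run from an elevated PowerShell prompt. This is an added example, not code from Microsoft or from this page; the function name `Get-AgereDriverExposure` is hypothetical, and it assumes the standard `System32\drivers` and driver-store locations.

```powershell
# Added example: read-only audit for the Agere modem driver named in this advisory.
function Get-AgereDriverExposure {
    [CmdletBinding()]
    param(
        # Driver file name as given in the advisory.
        [string]$DriverFile = 'ltmdm64.sys'
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # 1. Driver binary in the standard kernel-driver directory (assumed location).
    $livePath = Join-Path $env:SystemRoot "System32\drivers\$DriverFile"
    $live = Get-Item -LiteralPath $livePath -ErrorAction SilentlyContinue

    # 2. Staged copies in the driver store, from which the driver could be reinstalled.
    $storeRoot = Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository'
    $staged = @(Get-ChildItem -LiteralPath $storeRoot -Recurse -Filter $DriverFile -File `
                    -ErrorAction SilentlyContinue)

    # 3. Kernel driver services whose image path points at the file.
    $services = @(Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$DriverFile*" })

    # 4. Modem-class devices: candidate hardware dependencies to retire or replace.
    $modems = @(Get-CimInstance -ClassName Win32_PnPSignedDriver -Filter "DeviceClass = 'MODEM'")

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        OsVersion     = $os.Version
        DriverPresent = [bool]$live
        DriverVersion = if ($live) { $live.VersionInfo.FileVersion } else { $null }
        DriverSha256  = if ($live) { (Get-FileHash -LiteralPath $live.FullName -Algorithm SHA256).Hash } else { $null }
        StagedCopies  = $staged.FullName
        DriverService = $services | ForEach-Object { "$($_.Name): $($_.State), start=$($_.StartMode)" }
        ModemDevices  = $modems | ForEach-Object { "$($_.DeviceName) [$($_.InfName)]" }
    }
}

Get-AgereDriverExposure | Format-List
```

A host is clean when `DriverPresent` is false and `StagedCopies` and `DriverService` are empty; any entries under `ModemDevices` are the hardware to review before or after patching.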
Affected Countries
United States, Germany, Japan, United Kingdom, France, Canada, Australia, South Korea, India, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2025-01-16T23:11:19.732Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68ee85823dd1bfb0b7e3e089
Added to database: 10/14/2025, 5:16:50 PM
Last enriched: 3/1/2026, 11:31:14 PM
Last updated: 3/25/2026, 4:24:56 AM