
CVE-2025-24990: CWE-822: Untrusted Pointer Dereference in Microsoft Windows 11 Version 25H2

Severity: High
Type: Vulnerability
Tags: CVE-2025-24990, cve, cve-2025-24990, cwe-822
Published: Tue Oct 14 2025 (10/14/2025, 17:00:10 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 11 Version 25H2

Description

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.

AI-Powered Analysis

Last updated: 11/24/2025, 18:51:21 UTC

Technical Analysis

CVE-2025-24990 is a vulnerability classified under CWE-822 (Untrusted Pointer Dereference) in the Agere Modem driver (ltmdm64.sys) that ships natively with Windows 11 Version 25H2 (build 10.0.26200.0). The flaw allows an attacker with low privileges (PR:L) and no user interaction (UI:N) to make the driver dereference untrusted pointers, potentially leading to arbitrary code execution with high impact on confidentiality, integrity, and availability. The attack vector is local (AV:L): the attacker needs local access to the system, but can escalate privileges and fully compromise it once the flaw is exploited. Microsoft has addressed this issue by removing the vulnerable driver entirely in the October cumulative update, effectively disabling fax modem hardware dependent on ltmdm64.sys. This removal means that any fax modem relying on this driver will no longer function on updated Windows 11 systems. No public exploits or active exploitation have been reported, but the severity and potential impact warrant immediate attention. The low attack complexity and lack of required user interaction make exploitation easier, so the vulnerability is a significant risk for affected systems. Organizations using fax modems with this driver must plan hardware and software transitions to avoid operational disruptions.

Potential Impact

The vulnerability poses a high risk to European organizations that still use fax modem hardware dependent on the ltmdm64.sys driver. Exploitation can lead to full system compromise, allowing attackers to execute arbitrary code, access sensitive data, and disrupt system availability. This is particularly critical for sectors such as healthcare, legal, and government agencies where fax communication remains in use and where data confidentiality and system integrity are paramount. The removal of the driver in the October update means organizations will face operational impacts if they continue to rely on affected fax modems, potentially disrupting business processes. Additionally, the vulnerability could be leveraged by insiders or attackers with local access to escalate privileges and move laterally within networks. The lack of known exploits reduces immediate threat but does not eliminate risk, especially as attackers may develop exploits given the public disclosure. Organizations must balance the risk of exploitation against the operational impact of removing legacy hardware support.

Mitigation Recommendations

European organizations should immediately apply the October cumulative update for Windows 11 Version 25H2 or later to ensure the vulnerable driver is removed. They must audit their environments to identify any dependencies on fax modem hardware using the ltmdm64.sys driver and plan to replace or retire such hardware. Transitioning to modern communication methods that do not rely on legacy fax modems is strongly recommended. For environments where fax functionality is critical, consider virtualized or software-based fax solutions that do not depend on vulnerable drivers. Implement strict access controls and monitoring on systems with local user access to reduce the risk of exploitation. Additionally, maintain up-to-date endpoint protection and intrusion detection systems to detect any anomalous behavior indicative of exploitation attempts. Document and communicate the removal impact to affected business units to ensure operational continuity.
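
The audit step above can be scripted per host. The following PowerShell is an added example, not code from this page or from Microsoft; the function name `Get-AgereDriverFootprint` is hypothetical, and it assumes drivers sit in the standard `System32\drivers` and DriverStore locations.

```powershell
# Added example: per-host inventory of the Agere modem driver named on this page.
function Get-AgereDriverFootprint {
    [CmdletBinding()]
    param([string]$FileName = 'ltmdm64.sys')

    # Assumption: standard driver locations under %SystemRoot%.
    $roots = @(
        (Join-Path $env:SystemRoot 'System32\drivers'),
        (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
    )
    $files = foreach ($root in $roots) {
        if (Test-Path -LiteralPath $root) {
            Get-ChildItem -LiteralPath $root -Filter $FileName -File -Recurse `
                -ErrorAction SilentlyContinue
        }
    }

    # Kernel driver services whose image path ends in the driver file name.
    $services = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$FileName" }

    # Modems registered with the OS; these are the hardware dependencies
    # that stop working once the driver is removed.
    $modems = Get-CimInstance -ClassName Win32_POTSModem -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        DriverPresent = [bool]$files
        DriverFiles   = @($files | ForEach-Object {
            [pscustomobject]@{
                Path        = $_.FullName
                FileVersion = $_.VersionInfo.FileVersion
                LastWrite   = $_.LastWriteTimeUtc
            }
        })
        DriverService = @($services | Select-Object Name, State, StartMode, PathName)
        Modems        = @($modems | Select-Object Name, AttachedTo, ModemInfPath)
    }
}

# Emit JSON so results from many hosts can be collected and compared.
Get-AgereDriverFootprint | ConvertTo-Json -Depth 4
```

A host that reports `DriverPresent` as true after patching has not received the update that removes the driver; a host with entries under `Modems` has hardware that needs a replacement plan before the update lands.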


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2025-01-30T15:14:20.992Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68ee85823dd1bfb0b7e3e08c

Added to database: 10/14/2025, 5:16:50 PM

Last enriched: 11/24/2025, 6:51:21 PM

Last updated: 12/4/2025, 11:41:46 AM
