CVE-2025-24990 is a vulnerability identified in the Agere Modem driver (ltmdm64.sys), which is a third-party driver shipped natively with Windows 11 Version 25H2 (build 10.0.26200.0). The vulnerability is classified under CWE-822, indicating an untrusted pointer dereference flaw. This type of flaw occurs when the driver dereferences pointers that can be manipulated by an attacker, potentially leading to arbitrary code execution or system compromise. The vulnerability allows an attacker with low privileges and local access to execute code with elevated privileges, compromising confidentiality, integrity, and availability of the system. Microsoft has addressed this vulnerability by removing the vulnerable driver entirely in the October 2025 cumulative update, effectively ending support for fax modem hardware dependent on ltmdm64.sys. This removal means that fax modems relying on this driver will no longer function on updated Windows 11 systems. No public exploits have been reported yet, but the ease of exploitation combined with the high impact makes this a critical issue for affected users. The vulnerability requires no user interaction but does require local access, which limits remote exploitation but still poses a significant risk in environments where attackers can gain initial access. The CVSS v3.1 score of 7.8 reflects a high severity rating due to the potential for full system compromise. Organizations using legacy fax modem hardware on Windows 11 25H2 should plan to remove dependencies on this hardware and update systems promptly to the patched version.

For European organizations, the impact of CVE-2025-24990 is significant primarily for those still utilizing legacy fax modem hardware integrated with Windows 11 Version 25H2. The removal of the vulnerable driver disables such hardware, potentially disrupting business processes reliant on fax communications. From a security perspective, the vulnerability allows local attackers with low privileges to escalate to full system control, threatening sensitive data confidentiality, system integrity, and availability. This could lead to data breaches, ransomware deployment, or persistent footholds in critical infrastructure. Organizations in sectors like healthcare, legal, and government, where fax remains in use, face operational and security risks. The lack of known exploits reduces immediate threat but does not eliminate risk, especially in environments with insider threats or compromised endpoints. The need to migrate away from affected hardware may incur operational costs and require process adjustments. Overall, the vulnerability underscores the risks of legacy hardware dependencies in modern OS environments and the importance of timely patching and hardware lifecycle management.

European organizations should take the following specific actions: 1) Immediately apply the October 2025 cumulative update to Windows 11 Version 25H2 systems to remove the vulnerable ltmdm64.sys driver. 2) Conduct an inventory of all fax modem hardware and identify dependencies on the Agere Modem driver. 3) Plan and execute migration away from legacy fax modem hardware to alternative communication methods or updated hardware that does not rely on the vulnerable driver. 4) Implement strict local access controls and monitoring to detect and prevent unauthorized privilege escalation attempts. 5) Harden endpoint security by limiting local user privileges and employing application whitelisting to reduce attack surface. 6) Educate IT and security teams about the removal of the driver and the operational impact to ensure business continuity. 7) For organizations where fax is critical, consider secure fax-over-IP solutions or encrypted digital alternatives to reduce reliance on legacy hardware. 8) Maintain up-to-date asset and vulnerability management to quickly identify and remediate similar legacy component risks in the future.