CVE-2025-24990 is a vulnerability identified in the Agere Modem driver (ltmdm64.sys) that was included with Microsoft Windows 10 Version 1507 (build 10.0.10240.0). The flaw is classified under CWE-822, which involves untrusted pointer dereference. This type of vulnerability occurs when the driver dereferences pointers that can be manipulated by an attacker, potentially leading to arbitrary code execution or system compromise. The vulnerability allows an attacker with low-level privileges (local access) to exploit the driver without requiring user interaction, enabling full compromise of confidentiality, integrity, and availability of the affected system. Microsoft has addressed this issue by removing the vulnerable driver entirely in the October 2025 cumulative update, effectively disabling any fax modem hardware dependent on ltmdm64.sys. This removal means that legacy fax modem devices relying on this driver will no longer function on updated Windows 10 systems. No public exploits have been reported, but the vulnerability's nature and CVSS score of 7.8 indicate a high risk if exploited. The vulnerability is limited to Windows 10 Version 1507, an early release version of Windows 10, which is largely superseded by newer versions but may still be in use in some legacy environments. The vulnerability was reserved in January 2025 and published in October 2025, with Microsoft recommending removal of dependencies on the affected hardware to mitigate risk.

The impact of CVE-2025-24990 is significant for organizations that still operate Windows 10 Version 1507 systems with the Agere Modem driver installed. Successful exploitation can lead to complete system compromise, including unauthorized access to sensitive data, modification or deletion of critical files, and denial of service through system instability or crashes. Since the vulnerability requires local access but no user interaction, attackers who gain limited access to affected systems can escalate privileges or execute arbitrary code. The removal of the driver in updates also causes operational impact by disabling fax modem hardware dependent on ltmdm64.sys, potentially disrupting business processes relying on fax communications. Organizations with legacy infrastructure, especially in sectors like healthcare, legal, or government that may still use fax modems, face both security and operational challenges. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially in environments where patching is delayed or impossible due to hardware dependencies.

To mitigate CVE-2025-24990, organizations should first identify any systems running Windows 10 Version 1507 with the Agere Modem driver installed. They should apply the October 2025 cumulative update from Microsoft, which removes the vulnerable driver. Since this update disables fax modem hardware dependent on ltmdm64.sys, organizations must plan to replace or retire legacy fax modem devices and transition to modern communication alternatives such as digital fax services or secure email. For environments where updating is not immediately possible, restricting local access to affected systems and employing strict access controls can reduce exploitation risk. Additionally, monitoring for unusual local activity and employing endpoint detection and response (EDR) tools can help detect attempts to exploit this vulnerability. Organizations should also review and update their asset inventories to identify legacy hardware dependencies and develop a roadmap for hardware modernization to avoid similar issues in the future.