Main Vulnerability Database Vulnerabilities #VU117007

#VU117007 Untrusted pointer dereference in Windows Server and Windows - CVE-2025-24990

Published: October 14, 2025 / Updated: October 31, 2025

Vulnerability identifier: #VU117007

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2025-24990

CWE-ID: CWE-822

Exploitation vector: Local access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Windows Server
Windows

Software vendor:
Microsoft

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to untrusted pointer dereference in the third party Agere Modem driver ltmdm64.sys that ships natively with supported Windows operating systems. A local user can pass specially crafted input to the driver and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-24990

#VU117007 Untrusted pointer dereference in Windows Server and Windows - CVE-2025-24990

Description

Remediation

External links

Please verify you're human