7.8 CVE-2025-24990
CISA Kev Catalog
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
Fax modem hardware dependent on this specific driver will no longer work on Windows.
Microsoft recommends removing any existing dependencies on this hardware.
https://nvd.nist.gov/vuln/detail/CVE-2025-24990
Categories
CWE-822 : Untrusted Pointer Dereference
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. message-passing framework interprets values in packets as pointers, causing a crash. labeled as a "type confusion" issue, also referred to as a "stale pointer." However, the bug ID says "contents are simply interpreted as a pointer... renderer ordinarily doesn't supply this pointer directly". The "handle" in the untrusted area is replaced in one function, but not another - thus also, effectively, exposure to wrong sphere (CWE-668). Untrusted dereference using undocumented constructor. An error code is incorrectly checked and interpreted as a pointer, leading to a crash. An untrusted value is obtained from a packet and directly called as a function pointer, leading to code execution. Undocumented attribute in multimedia software allows "unmarshaling" of an untrusted pointer. ActiveX control for security software accepts a parameter that is assumed to be an initialized pointer. Spreadsheet software treats certain record values that lead to "user-controlled pointer" (might be untrusted offset, not untrusted pointer).
References
134c704f-9b21-4f2e-91b3-4a467353bcc0
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-20... US Government Resource |
secure@microsoft.com
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* | < 10.0.10240.21161 | |
| cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* | < 10.0.14393.8519 | |
| cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* | < 10.0.17763.7919 | |
| cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* | < 10.0.19044.6456 | |
| cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* | < 10.0.19045.6456 | |
| cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:* | < 10.0.22621.6060 | |
| cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* | <= 10.0.22631.6060 | |
| cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* | < 10.0.26100.6899 | |
| cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:* | < 10.0.26200.6899 | |
| cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* | <= 10.0.14393.8519 | |
| cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* | < 10.0.17763.7919 | |
| cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* | < 10.0.20348.4294 | |
| cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* | < 10.0.25398.1913 | |
| cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* | <= 10.0.26100.6899 | |
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| 129 | Pointer Manipulation |
Medium |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
