External risk intelligence

Windows Agere Modem Driver Privilege Escalation Vulnerability

CVE advisoryKnown Exploit

CVE-2025-24990

A vulnerability was identified in a third-party Agere Modem driver in Windows. This driver's removal impacts fax modem hardware functionality. Organizations should remove dependencies on this hardware to mitigate business risk.

1Halo Surface Signal

Microsoft Windows 10 1507

before 10.0.10240.21161before 10.0.14393.8519before 10.0.17763.7919before 10.0.19044.6456before 10.0.19045.6456before 10.0.22621.606010.0.22631.6060 and earlierbefore 10.0.26100.6899;...

External exposure likelihood

Halo Surface Signal score for CVE-2025-24990

This vulnerability resides in a local hardware driver (Agere Modem) for Windows operating systems. As a driver-level component, it is inherently local to the host system and is not reachable via the public internet.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

Microsoft has identified a vulnerability in a third-party Agere Modem driver that is included with supported Windows operating systems. This driver has been removed in the October cumulative update. The removal of this driver means that fax modem hardware that relies on it will no longer function on Windows. Organizations dependent on this hardware should remove their reliance on it.

  • Agere Modem driver in Windows
  • Pointer dereference vulnerability
  • Loss of fax modem functionality

Attack Path

How an attacker could exploit the issue

This vulnerability impacts systems with a specific third-party modem driver. An attacker with local access to a system could exploit this driver to gain elevated privileges. This could allow the attacker to execute arbitrary code and take control of the affected system, leading to data compromise or further network infiltration.

  • Local system access required
  • Attacker exploits modem driver
  • Results in elevated privileges

Live Threat

Current exploitation, exposure, and threat context

This vulnerability impacts the Agere Modem driver, which is a third-party component present in supported Windows operating systems. The driver has been removed in the October cumulative update. Organizations relying on fax modem hardware dependent on this specific driver will experience a loss of functionality. Microsoft advises removing any existing dependencies on this hardware.

  • Likely attacker skill level: Low
  • Required access or conditions: Local access
  • Business risk or urgency: High

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Microsoft has addressed vulnerabilities in the Agere Modem driver, which is included in supported Windows operating systems. This driver has been removed in the October cumulative update, and fax modem hardware reliant on it will no longer function on Windows. Organizations should discontinue using fax modem hardware that depends on this specific driver.

  • Identify systems using the affected driver.
  • Remove dependencies on fax modem hardware.
  • Apply the vendor fix and monitor systems.

Frequently asked questions

What is the Agere Modem driver and its role in Windows systems?

The Agere Modem driver is a third-party component integrated into supported Windows operating systems. Its primary function was to enable fax modem hardware capabilities on Windows devices, allowing for fax transmission and reception.

What type of weakness does CVE-2025-24990 represent?

CVE-2025-24990 is an untrusted pointer dereference vulnerability. This means the driver improperly handles memory addresses, potentially allowing an attacker with local access to execute unauthorized code or elevate their system privileges to an administrator level.

How can CVE-2025-24990 be triggered and what is the scope of its impact?

This vulnerability requires an attacker to have local access to the affected system. By exploiting the Agere Modem driver, an attacker can gain elevated privileges. The scope is local, meaning it affects the individual machine rather than a network.

What is the significance of CVE-2025-24990 for Windows users?

Microsoft has removed the affected Agere Modem driver in the October cumulative update. Consequently, fax modem hardware that depends on this specific driver will no longer function on Windows. Organizations should remove any existing dependencies on this hardware to avoid disruptions.

What steps should be taken regarding the Agere Modem driver vulnerability?

Organizations should identify systems utilizing the affected Agere Modem driver and remove any reliance on fax modem hardware that depends on it. Microsoft has removed the driver in a recent update, rendering the affected hardware non-functional on Windows.

References

Sources and related resources

Primary sources: NVD, CVE.org, CISA KEV.

NVDPublished Modified