CVE-2025-24990 · HIGH 7.8 · CISA KEV · EPSS p92.1%

CVE-2025-24990: Microsoft Windows Untrusted Pointer Dereference Vulnerability

Microsoft / Windows

Description

Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges.

Scoring

CVSS 3.1: 7.8 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.79% probability of exploitation · percentile 92.1% · 2026-06-18T12:00:27Z
Published: 2025-10-14
Last modified: 2025-11-18

CISA KEV entry

Added to KEV: 2025-10-14

Underlying weaknesses · 1

CWE-822

References

  1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24990
  2. https://www.vicarius.io/vsociety/posts/cve-2025-24990-detection-script-elevation-of-privilege-vulnerability-in-agere-modem-driver-affecting-windows
  3. https://www.vicarius.io/vsociety/posts/cve-2025-24990-mitigation-script-elevation-of-privilege-vulnerability-in-agere-modem-driver-affecting-windows
  4. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24990

1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Untrusted Pointer Dereference (cwe-822) | 0% | live |

(incoming) · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Microsoft Windows Untrusted Pointer Dereference Vulnerability (kev-cve-2025-24990) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
  2. CVE: Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
  3. CVE: CVE-2025-21250
  4. CVE: Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
  5. CVE: CVE-2025-21248
  6. CVE: CVE-2025-21190

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.