Main Vulnerability Database Exploits ID:12048 - Exploit for Untrusted pointer dereference in Windows Server and Windows - CVE-2025-24990

ID:12048 - Exploit for Untrusted pointer dereference in Windows Server and Windows - CVE-2025-24990

Published: October 31, 2025

Vulnerability identifier: #VU117007

Vulnerability risk: High

CVE-ID: CVE-2025-24990

CWE-ID: CWE-822

Exploitation vector: Local access

Vulnerable software:
Windows Server
Windows

Link to public exploit:

https://github.com/moiz-2x/CVE-2025-24990_POC

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to untrusted pointer dereference in the third party Agere Modem driver ltmdm64.sys that ships natively with supported Windows operating systems. A local user can pass specially crafted input to the driver and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

ID:12048 - Exploit for Untrusted pointer dereference in Windows Server and Windows - CVE-2025-24990

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human