Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped

The two Windows zero-days that have come under active exploitation are as follows:

  • CVE-2025-24990 (CVSS score: 7.8) - Windows Agere Modem Driver (“ltmdm64.sys”) Elevation of Privilege Vulnerability
  • CVE-2025-59230 (CVSS score: 7.8) - Windows Remote Access Connection Manager (RasMan) Elevation of Privilege Vulnerability

“The vulnerable driver ships with every version of Windows, up to and including Server 2025,” Adam Barnett, lead software engineer at Rapid7, said. “Maybe your fax modem uses a different chipset, and so you don’t need the Agere driver? Perhaps you’ve simply discovered email? Tough luck. Your PC is still vulnerable, and a local attacker with a minimally privileged account can elevate to administrator.”

A third vulnerability that has been exploited in real-world attacks is a Secure Boot bypass in IGEL OS before 11 (CVE-2025-47827, CVSS score: 4.6).

All three issues have since been added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the patches by November 4, 2025.

To read the complete article, see The Hacker News.

This post is licensed under CC BY 4.0 by the author.