CVE-2025-59230 and CVE-2025-24990 Vulnerabilities: New Windows Zero-Days Under Active Exploitation
Hot on the heels of the disclosure of CVE-2025-11001 and CVE-2025-11002 in 7-Zip, two newly discovered zero-day flaws in popular software have emerged in the cyber threat landscape. These vulnerabilities in Microsoft Windows, tracked as CVE-2025-59230 and CVE-2025-24990, are actively exploited in the wild, enabling attackers to execute code with elevated privileges.
More than 35,000 vulnerabilities have been reported globally so far in 2025, and the year-end total could surpass 50,000. Alarmingly, a significant portion, approximately 38%, is classified as “High” or “Critical” severity, highlighting the growing risk landscape. As the attack surface expands and vulnerabilities continue to increase, implementing proactive cyber defense measures is crucial for building a strong and resilient cybersecurity posture.
Register for SOC Prime Platform, backed by AI, automation, and real-time threat intelligence, helping security teams stay ahead of adversaries in the ever-increasing cyber threat landscape, where each second counts. The solution curates context-enriched detections to enable organizations in diverse industry verticals to outscale cyber threats of any sophistication, including the increasing volumes of zero-day vulnerabilities in popular software products. Click Explore Detections to take advantage of the entire collection of Sigma rules, filtered by the “CVE” tag, to help security engineers proactively defend against exploitation attempts.
All detections can be applied across multiple SIEM, EDR, and Data Lake formats and are aligned with the MITRE ATT&CK® framework. Each rule is enriched with actionable CTI, attack timelines, audit configurations, triage recommendations, and other relevant metadata to provide an in-depth cyber threat context.
Security teams can also rely on Uncoder AI to instantly convert IOCs into custom performance-optimized queries ready to hunt in the selected SIEM or EDR, build detection code from raw threat intel, generate Attack Flows, make the most of AI-driven query optimization, and translate detection content in an automated fashion.
CVE-2025-59230 and CVE-2025-24990 Analysis
Microsoft has recently rolled out patches addressing 183 security vulnerabilities across its product portfolio, including the flaws currently exploited in the wild. The release coincides with Microsoft’s official end of support for Windows 10, except for systems enrolled in the Extended Security Updates (ESU) program.
Among the exploited zero-day vulnerabilities are two Windows privilege escalation flaws: CVE-2025-24990, which affects the Windows Agere Modem Driver (ltmdm64.sys), and CVE-2025-59230, which impacts the Windows Remote Access Connection Manager (RasMan). Both vulnerabilities can be considered critical and carry a CVSS score of 7.8.
The vendor warned that both vulnerabilities could allow attackers to execute code with elevated privileges, though the exact exploitation methods and scope of attacks remain unclear. For CVE-2025-24990, the company intends to remove the vulnerable driver entirely rather than patch the outdated third-party component.
Experts have described the modem driver flaw as particularly serious due to its presence in legacy code distributed with every Windows version up to Server 2025, regardless of whether the associated hardware is installed. According to Trend Micro’s ZDI, as the vulnerable files are present on every Windows installation, this should be regarded as a widespread threat, and users are urged to patch immediately.
Microsoft has removed the affected driver from its October cumulative update and advised all users to apply the fix, noting that the flaw can be exploited even when the modem hardware is inactive. However, the company cautioned that fax modems relying on this specific driver will cease to function after the update is applied.
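Because the driver ships regardless of installed hardware, defenders can confirm on each host that no copy of ltmdm64.sys remains after the October cumulative update. The PowerShell below is an added example, not code from Microsoft or the original article; the directories searched are the standard Windows driver locations (an assumption, since the article gives only the file name), and Get-AgereDriverStatus is a hypothetical helper name.

```powershell
# Added example: audit the local host for the Agere modem driver named in the article.
# Assumption: driver binaries and staged packages sit in the standard
# %SystemRoot%\System32 locations listed below.
function Get-AgereDriverStatus {
    [CmdletBinding()]
    param(
        [string]$DriverName = 'ltmdm64.sys',
        [string]$SystemRoot = $env:SystemRoot
    )

    # Loaded-driver directory and the driver store, where a staged copy can persist.
    $searchRoots = @(
        (Join-Path $SystemRoot 'System32\drivers'),
        (Join-Path $SystemRoot 'System32\DriverStore\FileRepository')
    )

    $files = foreach ($root in $searchRoots) {
        if (Test-Path -LiteralPath $root) {
            Get-ChildItem -LiteralPath $root -Filter $DriverName -File -Recurse -ErrorAction SilentlyContinue
        }
    }

    # A kernel driver service can reference the file even when no modem is attached.
    $services = Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
        Where-Object { $_.PathName -like "*$DriverName" }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        DriverPresent  = [bool]$files
        FilePaths      = @($files | ForEach-Object { $_.FullName })
        FileVersions   = @($files | ForEach-Object { $_.VersionInfo.FileVersion })
        ServiceNames   = @($services | ForEach-Object { $_.Name })
        ServiceStates  = @($services | ForEach-Object { $_.State })
        # True when a file copy or a registered driver service is still found.
        NeedsAttention = ([bool]$files) -or ([bool]$services)
    }
}

Get-AgereDriverStatus | Format-List
```

A host that reports NeedsAttention as True after patching should be checked for a failed or missing update; hosts that depend on fax modems using this driver will lose that function once it is removed, as noted above.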
Meanwhile, CVE-2025-59230 marks the first known zero-day exploitation in RasMan. Since January 2022, Microsoft has addressed over 20 vulnerabilities in this component. CVE-2025-59230 affects every supported release of Windows and Windows Server, allowing attackers to gain SYSTEM-level privileges, thereby granting them full control over the compromised system. Both flaws have now been added to CISA’s KEV catalog, requiring U.S. federal agencies to apply the patches by November 4, 2025.
Organizations are strongly advised to implement CVE-2025-59230 and CVE-2025-24990 mitigation measures as a priority, patching these vulnerabilities alongside other fixes included in Microsoft’s 2025 Security Updates to reduce the risk of exploitation. By leveraging SOC Prime’s complete product suite that fuses top cybersecurity expertise and AI while ensuring future-proof enterprise security, organizations can proactively detect exploitation attempts and preempt attacks at their earliest stages.