A high-severity vulnerability has been identified in a third-party modem driver that is included with Microsoft Windows operating systems. This flaw is being actively exploited by attackers and could allow them to take control of affected systems, leading to data theft or further network compromise. Due to the active exploitation and inclusion in the CISA KEV catalog, immediate patching is critical to mitigate significant security risks.

The vulnerability exists within the Agere Modem driver, a component shipped with supported versions of Microsoft Windows. The flaw is likely a memory corruption issue, such as a buffer overflow, which can be triggered when the driver processes specially crafted data sent to the modem interface. An attacker could exploit this vulnerability to execute arbitrary code with elevated (kernel-level) privileges, leading to a complete compromise of the underlying operating system.

This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could grant an attacker full control over an affected workstation or server, bypassing standard security controls. The potential business impact is severe and includes unauthorized access to sensitive data, deployment of ransomware, system instability, and the use of the compromised machine as a pivot point for further attacks within the network. Its inclusion in the CISA KEV catalog confirms it presents a clear and present danger to the organization.

Immediate Action: Apply the security updates released by Microsoft to all affected systems immediately. After patching, monitor systems for any signs of post-exploitation activity and review system and network access logs for anomalous behavior preceding the patch deployment.

Proactive Monitoring: Monitor for unusual driver behavior, such as unexpected crashes or restarts logged in the Windows Event Viewer. Network monitoring should focus on identifying anomalous traffic patterns associated with the modem interface. Endpoint Detection and Response (EDR) solutions should be configured to alert on suspicious processes originating from or interacting with the Agere Modem driver.

Compensating Controls: If immediate patching is not feasible, consider disabling the Agere modem device through the Windows Device Manager if it is not critical for business operations. Implement network segmentation to isolate potentially vulnerable systems and restrict their ability to communicate with critical assets, thus limiting the potential impact of a compromise.

Public Exploit Available: true

Given the high severity of this vulnerability (CVSS 7.8) and its confirmed status as a known exploited vulnerability by CISA, we recommend immediate and urgent action. Organizations must prioritize the deployment of the vendor-supplied security patches to all affected endpoints before the CISA KEV deadline of November 3, 2025. Failure to remediate this vulnerability in a timely manner exposes the organization to a high likelihood of system compromise.