Microsoft has released patches for 173 unique vulnerabilities (CVEs) across its product line as part of its October 2025 security updates, including two flaws that are currently being exploited in the wild. Additionally, fixes were issued for 21 non-Microsoft CVEs.
The first actively exploited issue, CVE-2025-24990 (CVSS 7.8), is an untrusted pointer dereference vulnerability in the Agere Modem driver bundled with supported Windows versions. Successful exploitation could enable attackers to gain administrative privileges on affected systems.
As part of the October cumulative update, Microsoft has removed the vulnerable ltmdm64.sys driver, which is also linked to CVE-2025-24052, another privilege escalation flaw for which a proof-of-concept exploit exists.
The second exploited vulnerability, CVE-2025-59230 (CVSS 7.8), involves improper access control within the Windows Remote Access Connection Manager, allowing attackers to elevate privileges to SYSTEM level. While Microsoft confirmed real-world exploitation, it withheld specific details on the observed attacks.
Of the 173 patched Microsoft flaws, only five are classified as critical, though the company warns that around a dozen are likely to be targeted in upcoming attack campaigns.
Among the 21 non-Microsoft CVEs, at least one — CVE-2025-47827, affecting IGEL OS — has been exploited. The flaw enables a Secure Boot bypass due to improper signature verification in the igel-flash-driver module, allowing attackers to mount a malicious root filesystem from an unverified image.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added all three exploited CVEs to its Known Exploited Vulnerabilities (KEV) catalog, directing federal agencies to patch them within three weeks, as mandated by Binding Operational Directive (BOD) 22-01.
Another notable fix this month addresses CVE-2025-2884, an out-of-bounds read in the TPM 2.0 reference library maintained by the Trusted Computing Group (TCG).
Microsoft’s advisory also references CVE-2025-0033 — known as “RMPocalypse” — a race condition vulnerability capable of undermining AMD’s confidential computing guarantees, as well as CVE-2025-59489, a code execution flaw in the Unity engine used in gaming and application development.