Improper Access Control in Windows Resilient File System by Microsoft
CVE-2025-27738

6.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows 10 Version 21h2
Windows 11 Version 23h2
Windows Server 2022, 23h2 Edition (server Core Installation)
Windows 10 Version 22h2
Vendor
CVE Published:
8 April 2025

Summary

An improper access control vulnerability in Windows Resilient File System (ReFS) enables authenticated attackers to disclose sensitive information over a network. This flaw can lead to unauthorized data exposure, which may compromise system confidentiality and integrity. It is essential for users and administrators to implement proper security measures and apply relevant updates to mitigate associated risks.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20978

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7969

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7136

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-27738 : Improper Access Control in Windows Resilient File System by Microsoft | SecurityVulnerability.io