CVE-2025-27738 | THREATINT

Description

Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.

PUBLISHED Reserved 2025-03-06 | Published 2025-04-08 | Updated 2026-02-13 | Assigner microsoft

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Problem types

CWE-284: Improper Access Control

Product status

10.0.10240.0 (custom) before 10.0.10240.20978

affected

10.0.14393.0 (custom) before 10.0.14393.7969

affected

10.0.17763.0 (custom) before 10.0.17763.7136

affected

10.0.19044.0 (custom) before 10.0.19044.5737

affected

10.0.19045.0 (custom) before 10.0.19045.5737

affected

10.0.22621.0 (custom) before 10.0.22621.5189

affected

10.0.22631.0 (custom) before 10.0.22631.5189

affected

10.0.22631.0 (custom) before 10.0.22631.5189

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

6.2.9200.0 (custom) before 6.2.9200.25423

affected

6.2.9200.0 (custom) before 6.2.9200.25423

affected

6.3.9600.0 (custom) before 6.3.9600.22523

affected

6.3.9600.0 (custom) before 6.3.9600.22523

affected

10.0.14393.0 (custom) before 10.0.14393.7969

affected

10.0.14393.0 (custom) before 10.0.14393.7969

affected

10.0.17763.0 (custom) before 10.0.17763.7136

affected

10.0.17763.0 (custom) before 10.0.17763.7136

affected

10.0.20348.0 (custom) before 10.0.20348.3453

affected

10.0.25398.0 (custom) before 10.0.25398.1551

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27738 (Windows Resilient File System (ReFS) Information Disclosure Vulnerability) vendor-advisory patch

cve.org (CVE-2025-27738)

nvd.nist.gov (CVE-2025-27738)

Download JSON