CVE-2025-27738: 
vulnerability analysis and mitigation

The Windows Resilient File System (ReFS) vulnerability (CVE-2025-27738) was disclosed on April 8, 2025. This security flaw involves improper access control that allows an authorized attacker to disclose information over a network. The vulnerability affects Windows Server and desktop systems that utilize the Resilient File System (CVE MITRE, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The flaw is categorized under CWE-284 (Improper Access Control). The vulnerability specifically affects the access checks on ReFS volumes, potentially allowing unauthorized users to view full file paths to resources (NVD).

When successfully exploited, this vulnerability allows an authorized attacker to disclose information over a network. The primary impact is related to information disclosure, with high confidentiality impact but no effect on integrity or availability of the system (NVD).

Microsoft has released patches for this vulnerability but has disabled the fix by default to prevent application compatibility issues. Administrators need to manually enable the protection by implementing specific registry key changes. The fix enhances access checks on ReFS volumes to prevent unauthorized users from viewing the full file path to resources (TechTarget).