Applies ToWindows 10 Windows 10, version 1607, all editions Win 10 Ent LTSC 2019 Win 10 IoT Ent LTSC 2019 Windows 10 IoT Core LTSC Windows 10 Enterprise LTSC 2021 Windows 10 IoT Enterprise LTSC 2021 Windows 10, version 22H2, all editions Windows 11 Home and Pro, version 21H2 Windows 11 Enterprise Multi-Session, version 21H2 Windows 11 Enterprise and Education, version 21H2 Windows 11 IoT Enterprise, version 21H2 Windows 11 Home and Pro, version 22H2 Windows 11 Enterprise Multi-Session, version 22H2 Windows 11 Enterprise and Education, version 22H2 Windows 11 IoT Enterprise, version 22H2 Windows 11 SE, version 23H2 Windows 11 Home and Pro, version 23H2 Windows 11 Enterprise and Education, version 23H2 Windows 11 Enterprise Multi-Session, version 23H2 Windows 11 IoT Enterprise, version 23H2 Windows 11 SE, version 24H2 Windows 11 Enterprise and Education, version 24H2 Windows 11 Enterprise Multi-Session, version 24H2 Windows 11 Home and Pro, version 24H2 Windows 11 IoT Enterprise, version 24H2 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server, version 23H2 Windows Server 2025

Original publish date: April 8, 2025

KB ID: 5058189

Summary

A vulnerability exists in Windows that allows unauthorized users to view the full file path to a resource they do not have permissions to access. This vulnerability might occur when the user has FILE_LIST_DIRECTORY access rights on a parent folder and obtains directory change notifications.

For more information about this vulnerability, see CVE-2025-21197 and CVE-2025-27738.

More information

The fix for this vulnerability is included in the Windows updates released on or after April 8, 2025.

This fix can be applied to NTFS and ReFS volumes to prevent this vulnerability. This fix performs a FILE_LIST_DIRECTORY access check against the parent folder of the changed file or folder before reporting changes to an unauthorized user. If the user does not hold the necessary permissions, the change notifications will be filtered out, preventing unauthorized disclosure of file paths.

By default, this fix is disabled to prevent any unexpected security risks or application disruption.

To enable this fix, you can set the registry key value or the group policy key value on the affected system. To do this, use one of the following methods.

Method 1: Registry

In the Windows registry, turn on the fix in the Policies or the FileSystem subkey.

Caution If both the Policies and the FileSystem subkeys are enabled, the Policies subkey takes precedence.

Policies

Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies

DWORD name: EnforceDirectoryChangeNotificationPermissionCheck

Value date: 1 (Default value is 0)

Note To turn off the fix, set the Value data to 0.

FileSystem

Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

DWORD name: EnforceDirectoryChangeNotificationPermissionCheck

Value date: 1 (Default value is 0)

Note To turn off the fix, set the Value data to 0.

Method 2: PowerShell

To enable the fix, run PowerShell as an administrator and turn on the fix in the Policies or the FileSystem subkey.

Policies

Run this command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Policies" -Name "EnforceDirectoryChangeNotificationPermissionCheck" -Value 1 -Type Dword

FileSystem

Run this command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem" -Name "EnforceDirectoryChangeNotificationPermissionCheck" -Value 1 -Type DWord

​​​​​​​To disable the fix, run PowerShell as an administrator and turn off the fix in the Policies or the FileSystem subkey.

Policies

Run this command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Policies" -Name "EnforceDirectoryChangeNotificationPermissionCheck" -Value 0 -Type DWord

FileSystem

Run this command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem" -Name "EnforceDirectoryChangeNotificationPermissionCheck" -Value 0 -Type DWord

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.