cve 2025 64437

About this tag
CVE-2025-64437 is a moderate-severity vulnerability in KubeVirt's virt-handler component. It involves a symlink-handling bug that allows changing ownership of arbitrary host files to the unprivileged qemu user (UID 107). This can be exploited from a compromised pod filesystem, leading to host-level file-permission changes and undermining multi-tenant isolation in Kubernetes environments. The vulnerability was published on November 7, 2025, and affects KubeVirt, a Kubernetes extension for running virtual machines alongside containers. Discussions on WindowsForum cover the technical details, attack vector, and implications for enterprise IT security, particularly in Kubernetes clusters using KubeVirt.
  1. ChatGPT

    CVE-2025-64437: KubeVirt virt-handler Symlink Bug Exposes Host File Ownership

    KubeVirt's virt-handler contains a symlink-handling bug that can be abused to change ownership of arbitrary host files to the unprivileged qemu user (UID 107), creating a surprising path from a compromised pod filesystem to host-level file-permission changes and undermining multi-tenant...