CVE-2025-65965

Vulnerability Description

Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting versions 0.68.0 through 0.104.0. If registry credentials are defined and the output of grype is written using the --file or --output json=<file> option, the registry credentials will be included unsanitized in the output file. This issue has been patched in version 0.104.1. Users running affected versions of grype can work around this vulnerability by redirecting stdout to a file instead of using the --file or --output options.

Related Weaknesses (CWE)

References

• https://github.com/anchore/grype/commit/39f7fa17af2739cafe9b27176d4a68f7c05f21c1
• https://github.com/anchore/grype/pull/3068
• https://github.com/anchore/grype/security/advisories/GHSA-6gxw-85q2-q646

FAQ

What is CVE-2025-65965?

CVE-2025-65965 is a documented vulnerability. Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting versions 0.68.0 through 0.104.0. If registry credentials are ...

How severe is CVE-2025-65965?

CVSS scoring is not yet available for CVE-2025-65965. Check NVD for updates.

Is there a patch for CVE-2025-65965?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.