Description

Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting versions 0.68.0 through 0.104.0. If registry credentials are defined and the output of grype is written using the --file or --output json=<file> option, the registry credentials will be included unsanitized in the output file. This issue has been patched in version 0.104.1. Users running affected versions of grype can work around this vulnerability by redirecting stdout to a file instead of using the --file or --output options.

INFO

Published Date :

2025-11-25T19:36:11.090Z

Last Modified :

2025-11-25T20:08:48.709Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65965 vulnerability.

Vendors Products
Anchore
  • Grype
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65965.

URL Resource
https://github.com/anchore/grype/commit/39f7fa17af2739cafe9b27176d4a68f7c05f21c1 cve-icon cve-icon
https://github.com/anchore/grype/pull/3068 cve-icon cve-icon
https://github.com/anchore/grype/security/advisories/GHSA-6gxw-85q2-q646 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability