Vulnerability DatabaseCVE-2025-65965
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-65965
November 25, 2025
Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting versions 0.68.0 through 0.104.0. If registry credentials are defined and the output of grype is written using the --file or --output json=<file> option, the registry credentials will be included unsanitized in the output file. This issue has been patched in version 0.104.1. Users running affected versions of grype can work around this vulnerability by redirecting stdout to a file instead of using the --file or --output options.
Affected Packages
github.com/anchore/grype (GO):
Affected version(s) >=v0.68.0 <v0.104.1
Fix Suggestion:
Update to version v0.104.1
Related ResourcesĀ (6)
https://github.com/anchore/grype
https://github.com/anchore/grype/security/advisories/GHSA-6gxw-85q2-q646
https://github.com/anchore/grype/pull/3068
https://github.com/anchore/grype/commit/39f7fa17af2739cafe9b27176d4a68f7c05f21c1
https://nvd.nist.gov/vuln/detail/CVE-2025-65965
https://github.com/anchore/grype/commit/c99f79de49a58dc16d7fd8f35160b169b87db9de
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.2
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Improper Removal of Sensitive Information Before Storage or Transfer
CWE-212
EPSS
Base Score:
0.02