CVE-2025-65965 Overview
CVE-2025-65965 is a credential disclosure vulnerability in Grype, an open-source vulnerability scanner for container images and filesystems maintained by Anchore. The flaw affects Grype versions 0.68.0 through 0.104.0. When registry credentials are configured and scan output is written using the --file or --output json=<file> options, the registry credentials are embedded unsanitized in the resulting report file. Anchore patched the issue in version 0.104.1. The vulnerability is classified under CWE-212 (Improper Removal of Sensitive Information Before Storage or Transfer).
Critical Impact
Container registry credentials written into Grype scan reports can leak to anyone with access to CI artifacts, build logs, or shared report storage, enabling unauthorized registry access.
Affected Products
- Anchore Grype versions 0.68.0 through 0.104.0
- Grype JSON, table, and SBOM output writers that consume the Registry.Auth configuration
- CI/CD pipelines and container scanning workflows that persist Grype reports to disk
Discovery Timeline
- 2025-11-25 - CVE-2025-65965 published to the National Vulnerability Database
- 2026-06-17 - Last updated in the NVD database
Technical Details for CVE-2025-65965
Vulnerability Analysis
Grype accepts registry authentication through its configuration file under the registry.auth block. The credentials are loaded into a Go struct and passed alongside other scan options when Grype serializes the final report. The report writer marshals the full options object, including authentication entries containing usernames, passwords, and tokens. When the user redirects output through --file or --output json=<file>, the resulting artifact contains those credentials in cleartext.
The disclosure is local in vector but its blast radius extends beyond the host. Scan reports are commonly uploaded as CI artifacts, attached to pull requests, archived in object storage, or shared with downstream teams. Any party with read access to those reports inherits the embedded registry credentials.
Root Cause
The registry struct in cmd/grype/cli/options/registry.go tagged the Auth field for JSON serialization without the omitempty directive, and the report builder in cmd/grype/cli/commands/root.go did not strip credentials before document creation. Both omissions caused the secrets to flow into rendered output.
Attack Vector
An attacker who can read a Grype report file produced by a vulnerable version extracts the registry credentials directly from the JSON payload. No exploitation of the scanning host is required.
// Patch in cmd/grype/cli/commands/root.go
log.WithFields("time", time.Since(startTime)).Info("found vulnerability matches")
startTime = time.Now()
+ // clear out the registry auth information to avoid including possibly sensitive information in the report
+ opts.Registry.Auth = nil
+
model, err := models.NewDocument(app.ID(), packages, pkgContext, *remainingMatches, ignoredMatches, vp, opts, dbInfo(status, vp), models.SortStrategy(opts.SortBy.Criteria), opts.Timestamp)
Source: Anchore Grype commit 39f7fa17
// Patch in cmd/grype/cli/options/registry.go
type registry struct {
InsecureSkipTLSVerify bool `yaml:"insecure-skip-tls-verify" json:"insecure-skip-tls-verify" mapstructure:"insecure-skip-tls-verify"`
InsecureUseHTTP bool `yaml:"insecure-use-http" json:"insecure-use-http" mapstructure:"insecure-use-http"`
- Auth []RegistryCredentials `yaml:"auth" json:"auth" mapstructure:"auth"`
+ Auth []RegistryCredentials `yaml:"auth" json:"auth,omitempty" mapstructure:"auth"`
CACert string `yaml:"ca-cert" json:"ca-cert" mapstructure:"ca-cert"`
}
Source: Anchore Grype commit 39f7fa17
Detection Methods for CVE-2025-65965
Indicators of Compromise
- Grype JSON output files containing a populated registry.auth array with username, password, token, or authority fields
- Build artifacts, CI logs, or S3/GCS objects with filenames such as grype-report.json, vulns.json, or any file produced with --file containing credential structures
- Unexpected registry authentication events from hosts or service accounts that should not be initiating pulls
Detection Strategies
- Scan repositories, artifact stores, and log buckets for Grype report files and grep for the "auth":[ pattern paired with "password" or "token" keys
- Inventory CI pipelines invoking Grype with --file or --output json= on versions 0.68.0 through 0.104.0
- Correlate registry access logs with workstation or runner identities to identify credential reuse from leaked reports
Monitoring Recommendations
- Alert on Grype binary execution where the version string falls within the affected range
- Monitor registry authentication logs for logins from IP ranges that do not match approved CI infrastructure
- Apply DLP rules to artifact stores to flag JSON files containing credential keywords adjacent to registry hostnames
How to Mitigate CVE-2025-65965
Immediate Actions Required
- Upgrade Grype to version 0.104.1 or later across all developer workstations, CI runners, and container build systems
- Rotate every registry credential that was configured in Grype on affected versions, including ephemeral CI tokens
- Audit existing scan reports stored in artifact repositories and purge any files that contain embedded registry.auth data
Patch Information
Anchore released the fix in Grype 0.104.1 via pull request #3068 and commit 39f7fa17. The patch nils out opts.Registry.Auth before document serialization and marks the Auth JSON field as omitempty. Full details are documented in GHSA-6gxw-85q2-q646.
Workarounds
- Redirect Grype output to a file using shell redirection (grype <image> > report.json) instead of --file or --output json=<file>
- Supply registry credentials through environment variables consumed by the container runtime rather than Grype's registry.auth configuration block
- Restrict read access on existing scan artifacts until upgrade and credential rotation are complete
# Upgrade Grype and verify the fixed version
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.104.1
grype version
# Safe output pattern that bypasses the vulnerable writer
grype registry:myregistry.example.com/app:latest -o json > grype-report.json
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

