Minecraft RCON Terminal: Plain Text Password Storage in Configuration

6.6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Description

Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.

Basic Information

ID CVE-2025-61680

Source GitHub_M

Published Oct 3, 2025 at 21:37

Affected Product

Vendor jaketcooper

Product Minecraft-rcon

Version >= 0.1.0, < 2.1.0

Affected Versions jaketcooper Minecraft-rcon >= 0.1.0, < 2.1.0

CWE Classification

CWE-256

References

{
    "lastseen": "",
    "description": "Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.",
    "published": "2025-10-03T21:37:31.341Z",
    "modified": "2025-10-03T21:37:31.341Z",
    "type": "cve",
    "title": "Minecraft RCON Terminal: Plain Text Password Storage in Configuration",
    "source": "GitHub_M",
    "references": "https://github.com/jaketcooper/Minecraft-rcon/security/advisories/GHSA-4m33-hxqw-7j77\nhttps://github.com/jaketcooper/Minecraft-rcon/commit/31272b541482d095d1578855c2b571268eb9b877\nhttps://github.com/jaketcooper/Minecraft-rcon/releases/tag/2.1.0",
    "id": "CVE-2025-61680",
    "bulletinFamily": "",
    "cwe": [
        "CWE-256"
    ],
    "cvelist": null,
    "sourceData": "jaketcooper Minecraft-rcon >= 0.1.0, < 2.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Minecraft-rcon",
    "version": ">= 0.1.0, < 2.1.0",
    "vendor": "jaketcooper",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Minecraft RCON Terminal: Plain Text Password Storage in Configuration_CVE-2025-61680