← back
CVE-2025-61680

Minecraft RCON Terminal: Plain Text Password Storage in Configuration

CVSS 6.6 MEDIUMEPSS 0.3%CWE-256
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
03 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Affected products
jaketcooper · Minecraft-rcon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/jaketcooper/Minecraft-rcon/commit/31272b541482d095d1578855c2b571268eb9b877https://github.com/jaketcooper/Minecraft-rcon/releases/tag/2.1.0https://github.com/jaketcooper/Minecraft-rcon/security/advisories/GHSA-4m33-hxqw-7j77