← volver
CVE-2025-61680

Minecraft RCON Terminal: Plain Text Password Storage in Configuration

CVSS 6.6 MEDIUMEPSS 0.3%CWE-256
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
03 oct 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Productos afectados
jaketcooper · Minecraft-rcon

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/jaketcooper/Minecraft-rcon/commit/31272b541482d095d1578855c2b571268eb9b877https://github.com/jaketcooper/Minecraft-rcon/releases/tag/2.1.0https://github.com/jaketcooper/Minecraft-rcon/security/advisories/GHSA-4m33-hxqw-7j77