← back
CVE-2025-61680

Minecraft RCON Terminal: Plain Text Password Storage in Configuration

CVSS 6.6 MEDIUMEPSS 0.3%CWE-256
Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Affected products
jaketcooper · Minecraft-rcon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/jaketcooper/Minecraft-rcon/commit/31272b541482d095d1578855c2b571268eb9b877https://github.com/jaketcooper/Minecraft-rcon/releases/tag/2.1.0https://github.com/jaketcooper/Minecraft-rcon/security/advisories/GHSA-4m33-hxqw-7j77