CVE-2025-61680 MEDIUM

CVE-2025-61680: Minecraft RCON Terminal: Plain Text Password Storage in Configuration

Vendor Jaketcooper
Product Minecraft-rcon
Weakness CWE-256
Published October 3, 2025
Last update October 6, 2025

CVSS base score

6.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

What the vulnerability does

01 Description

Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 store passwords using VS Code's configuration API, which writes them to settings.json in plaintext. This issue is fixed in version 2.1.0.

Key dates

02 Disclosure timeline

October 3, 2025 CVE published
October 6, 2025 Record updated