CVE-2025-54120

Source
https://cve.org/CVERecord?id=CVE-2025-54120
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54120.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54120
Aliases
  • GHSA-f3rx-h3cv-696g
Published
2025-07-23T00:11:58.870Z
Modified
2026-04-10T05:31:56.299186Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
Summary
PCL Community Edition exposes login credentials in logs
Details

PCL (Plain Craft Launcher) Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file is not automatically uploaded or shared, if the user manually sends the log file, there is a risk of leakage. This is fixed in version 2.12.0-beta.10.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54120.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-532"
    ]
}
References

Affected packages

Git / github.com/pcl-community/pcl-ce

Affected ranges

Type
GIT
Repo
https://github.com/pcl-community/pcl-ce
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*
2.10.2
2.10.3
2.10.5
2.10.6
2.10.7
2.11.0a
2.11.1
2.11.1a
2.11.1b
2.11.2
2.11.2-beta.1
2.11.2-beta.2
2.11.2-beta.3
2.11.3
2.11.3-beta.1
2.11.3-beta.2
2.11.4
2.11.5
2.11.6
2.11.7
2.11.8
2.11.9
2.11.9-beta.1
2.12.0-beta.1
2.12.0-beta.2
2.12.0-beta.3
2.8.11
2.9.0
2.9.1
2.9.2
2.9.4
2.9.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54120.json"

Git / github.com/pcl-community/pcl2-ce

Affected ranges

Type
GIT
Repo
https://github.com/pcl-community/pcl2-ce
Events
Database specific
{
    "versions": [
        {
            "introduced": "2.12.0-beta.5"
        },
        {
            "fixed": "2.12.0-beta.10"
        }
    ]
}

Affected versions

2.*
2.12.0-beta.5
2.12.0-beta.6
2.12.0-beta.7
2.12.0-beta.8
2.12.0-beta.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54120.json"