CVE-2025-61680
- Source
- https://cve.org/CVERecord?id=CVE-2025-61680
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61680.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-61680
- Aliases
-
- GHSA-4m33-hxqw-7j77
- Published
- 2025-10-03T21:37:31.341Z
- Modified
- 2026-04-10T05:33:46.020832Z
- Severity
-
- 6.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- Minecraft RCON Terminal: Plain Text Password Storage in Configuration
- Details
-
Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.
- Database specific
{ "cwe_ids": [ "CWE-256" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61680.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/jaketcooper/Minecraft-rcon/releases/tag/2.1.0
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61680.json
- https://github.com/jaketcooper/Minecraft-rcon/security/advisories/GHSA-4m33-hxqw-7j77
- https://nvd.nist.gov/vuln/detail/CVE-2025-61680
- https://github.com/jaketcooper/Minecraft-rcon/commit/31272b541482d095d1578855c2b571268eb9b877
Affected packages
Git / github.com/jaketcooper/minecraft-rcon
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jaketcooper/minecraft-rcon
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/jaketcooper/minecraft-rcon
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed