CVE-2025-61680

Summary

Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.

Affected Software

VendorProductVersion RangeStatus
jaketcooperMinecraft-rcon>= 0.1.0, < 2.1.0affected

Weaknesses

  • CWE-256: CWE-256: Plaintext Storage of a Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References