PT-2025-40604 · Unknown+1 · Minecraft Rcon Terminal+1
Jaketcooper
·
Published
2025-10-03
·
Updated
2025-10-04
·
CVE-2025-61680
CVSS v4.0
6.6
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Minecraft RCON Terminal versions 0.1.0 through 2.0.6
Description
The Minecraft RCON Terminal VS Code extension improperly stores passwords in plaintext within the settings.json file using VS Code's configuration API. This affects versions used for Minecraft server management.
Recommendations
Update to version 2.1.0 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Minecraft Rcon Terminal
Vscode