Search
Find a vulnerability
Search criteria
2 vulnerabilities by jaketcooper
CVE-2025-61680 (GCVE-0-2025-61680)
Vulnerability from nvd – Published: 2025-10-03 21:37 – Updated: 2025-10-06 15:43
VLAI
EPSS
VEX
Title
Minecraft RCON Terminal: Plain Text Password Storage in Configuration
Summary
Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/jaketcooper/Minecraft-rcon/sec… | x_refsource_CONFIRM |
| https://github.com/jaketcooper/Minecraft-rcon/com… | x_refsource_MISC |
| https://github.com/jaketcooper/Minecraft-rcon/rel… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| jaketcooper | Minecraft-rcon |
Affected:
>= 0.1.0, < 2.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T15:43:25.467679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T15:43:41.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Minecraft-rcon",
"vendor": "jaketcooper",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.1.0, \u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code\u0027s configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T21:37:31.341Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jaketcooper/Minecraft-rcon/security/advisories/GHSA-4m33-hxqw-7j77",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jaketcooper/Minecraft-rcon/security/advisories/GHSA-4m33-hxqw-7j77"
},
{
"name": "https://github.com/jaketcooper/Minecraft-rcon/commit/31272b541482d095d1578855c2b571268eb9b877",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jaketcooper/Minecraft-rcon/commit/31272b541482d095d1578855c2b571268eb9b877"
},
{
"name": "https://github.com/jaketcooper/Minecraft-rcon/releases/tag/2.1.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jaketcooper/Minecraft-rcon/releases/tag/2.1.0"
}
],
"source": {
"advisory": "GHSA-4m33-hxqw-7j77",
"discovery": "UNKNOWN"
},
"title": "Minecraft RCON Terminal: Plain Text Password Storage in Configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61680",
"datePublished": "2025-10-03T21:37:31.341Z",
"dateReserved": "2025-09-29T20:25:16.181Z",
"dateUpdated": "2025-10-06T15:43:41.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-61680 (GCVE-0-2025-61680)
Vulnerability from cvelistv5 – Published: 2025-10-03 21:37 – Updated: 2025-10-06 15:43
VLAI
EPSS
VEX
Title
Minecraft RCON Terminal: Plain Text Password Storage in Configuration
Summary
Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/jaketcooper/Minecraft-rcon/sec… | x_refsource_CONFIRM |
| https://github.com/jaketcooper/Minecraft-rcon/com… | x_refsource_MISC |
| https://github.com/jaketcooper/Minecraft-rcon/rel… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| jaketcooper | Minecraft-rcon |
Affected:
>= 0.1.0, < 2.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T15:43:25.467679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T15:43:41.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Minecraft-rcon",
"vendor": "jaketcooper",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.1.0, \u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code\u0027s configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T21:37:31.341Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jaketcooper/Minecraft-rcon/security/advisories/GHSA-4m33-hxqw-7j77",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jaketcooper/Minecraft-rcon/security/advisories/GHSA-4m33-hxqw-7j77"
},
{
"name": "https://github.com/jaketcooper/Minecraft-rcon/commit/31272b541482d095d1578855c2b571268eb9b877",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jaketcooper/Minecraft-rcon/commit/31272b541482d095d1578855c2b571268eb9b877"
},
{
"name": "https://github.com/jaketcooper/Minecraft-rcon/releases/tag/2.1.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jaketcooper/Minecraft-rcon/releases/tag/2.1.0"
}
],
"source": {
"advisory": "GHSA-4m33-hxqw-7j77",
"discovery": "UNKNOWN"
},
"title": "Minecraft RCON Terminal: Plain Text Password Storage in Configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61680",
"datePublished": "2025-10-03T21:37:31.341Z",
"dateReserved": "2025-09-29T20:25:16.181Z",
"dateUpdated": "2025-10-06T15:43:41.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}