CVE-2025-61680
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-03

Last updated on: 2025-10-06

Assigner: GitHub, Inc.

Description
Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-03
Last Modified
2025-10-06
Generated
2026-06-16
AI Q&A
2025-10-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-61680
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
jaketcooper minecraft_rcon 2.1.0
jaketcooper minecraft_rcon 2.0.6
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-256 The product stores a password in plaintext within resources such as memory or files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in Minecraft RCON Terminal, a VS Code extension, is that versions 0.1.0 through 2.0.6 store passwords using VS Code's configuration API which writes them in plaintext to the settings.json file. This means sensitive password information is not encrypted or protected, making it accessible to anyone who can read that file. The issue is fixed in version 2.1.0.

Impact Analysis

This vulnerability can impact you by exposing your Minecraft server passwords in plaintext within the settings.json file. If an unauthorized person gains access to this file, they can retrieve the passwords and potentially take control of your Minecraft server, leading to unauthorized access and possible server compromise.

Compliance Impact

Storing passwords in plaintext can violate security best practices required by common standards and regulations such as GDPR and HIPAA, which mandate protecting sensitive information. This vulnerability could lead to non-compliance due to inadequate protection of authentication credentials, increasing the risk of data breaches and associated penalties.

Mitigation Strategies

Upgrade the Minecraft RCON Terminal VS Code extension to version 2.1.0 or later, as this version fixes the issue of storing passwords in plaintext in the settings.json file.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61680. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart