CVE-2025-54120

216.73.217.22

· Published 23/07/2025 01:15 · Modified 23/07/2025 01:15

Labels: CVE-2025-54120 2025-07-23 CVE-2025-54120 CWE-532 [email protected]

Essential information

Published: 23/07/2025 01:15
Modified: 23/07/2025 01:15
Author: —
Creator: —
CVSS: 9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

PCL (Plain Craft Launcher) Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file is not automatically uploaded or shared, if the user manually sends the log file, there is a risk of leakage. This is fixed in version 2.12.0-beta.10.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
pcl / plain craft launcher	`cpe:2.3:a:pcl:plain_craft_launcher:2.12.0-beta.5-2.12.0-beta.9:::::::*`
pcl / plain craft launcher	`cpe:2.3:a:pcl:plain_craft_launcher:2.12.0-beta.10:::::::*`