CVE-2025-54120

CRITICAL

PCL CE <2.12.0-beta.9 - Info Disclosure

Title source: llm

Description

PCL (Plain Craft Launcher) Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file is not automatically uploaded or shared, if the user manually sends the log file, there is a risk of leakage. This is fixed in version 2.12.0-beta.10.

References (2)

[Vendor Advisory] https://github.com/PCL-Community/PCL2-CE/security/advisories/GHSA-f3rx-h3cv-696g

[Patch] https://github.com/PCL-Community/PCL2-CE/commit/b72eaaef05c131958b0f03bd5e7c2464bbc2af4f

View Patch ZIP pw:eip

Scores

CVSS v4 9.3

EPSS 0.0003

EPSS Percentile 9.3%

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-532

Status published

Products (1)

PCL-Community/PCL2-CE >= 2.12.0-beta.5, < 2.12.0-beta.10

Published Jul 23, 2025

Tracked Since Feb 18, 2026