Logging Exposure in PCL Community Edition for Minecraft Launcher
CVE-2025-54120

Currently unrated

Key Information:

Vendor: PCL Community
Status: Plain Craft Launcher Community Edition
Vendor: CVE Published:; 23 July 2025

🔔 Create PCL Community Vulnerability Alert

What is CVE-2025-54120?

In the PCL Community Edition of the Minecraft launcher, specifically in versions 2.12.0-beta.5 through 2.12.0-beta.9, user login credentials were inadvertently written to a local log file during the third-party login process. While the log file is not uploaded or shared automatically, users who manually transmit this log file may unintentionally expose their sensitive information. This risk has been addressed in version 2.12.0-beta.10, which eliminates the logging of sensitive login data.

References

https://github.com/PCL-Community/PCL2-CE/commit/b72eaaef0...

https://github.com/PCL-Community/PCL2-CE/security/advisor...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025