
CVE-2025-54120: CWE-532: Insertion of Sensitive Information into Log File in PCL-Community PCL2-CE

Severity: Critical
Tags: vulnerability, CVE-2025-54120, CWE-532
Published: Wed Jul 23 2025 (07/23/2025, 00:11:58 UTC)
Source: CVE Database V5
Vendor/Project: PCL-Community
Product: PCL2-CE

Description

PCL (Plain Craft Launcher) Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file is not automatically uploaded or shared, if the user manually sends the log file, there is a risk of leakage. This is fixed in version 2.12.0-beta.10.

AI-Powered Analysis

Last updated: 07/30/2025, 01:34:46 UTC

Technical Analysis

CVE-2025-54120 is a vulnerability in the PCL-Community PCL2-CE Minecraft launcher, affecting versions 2.12.0-beta.5 through 2.12.0-beta.9. It is classified as CWE-532 (Insertion of Sensitive Information into Log File). During the third-party login flow, the launcher writes the credentials the user submits into its local log file in plaintext. The launcher does not upload or share that file on its own, so the defect is not remotely exploitable by itself; the exposure arises when something else reads the file: an attacker or malware with access to the user's profile directory, a backup or sync job that copies it, or the user attaching the log to a bug report or support request. Anyone who obtains the log can then replay the recorded credentials against the third-party authentication service. No prior authentication to the launcher is needed, but the credentials only appear after the user performs a login, so user interaction is required. The entry carries a CVSS 4.0 base score of 9.3 (critical), rated as high impact on confidentiality, integrity and availability; note that the direct effect of the defect is a confidentiality loss, with the integrity and availability consequences following only once a leaked credential is reused. Version 2.12.0-beta.10 fixes the issue, presumably by removing or sanitising the credential fields before they reach the log. No exploitation in the wild was reported as of publication.

Potential Impact

For European organizations, the impact depends on how widely PCL2-CE is installed among their users or employees. The product is a Minecraft launcher aimed at individual players, but gaming communities, educational institutions that use Minecraft for teaching, and companies whose staff run the launcher on corporate devices are all plausibly exposed. Leaked third-party login credentials allow account takeover on the affected service, exposing whatever personal data is held there and providing a pretext for follow-on social engineering. If the same password is reused elsewhere, the blast radius extends well beyond the launcher. An attacker who already has a foothold on a corporate endpoint can harvest these logs as one more source of credentials for privilege escalation or lateral movement. Because the flaw requires local access to the log and a prior user login, it is a credential-exposure risk rather than a remote-entry vector, but the critical rating and the plaintext nature of the leak justify treating it seriously, particularly where endpoint controls are weak or users run with administrative rights.

Mitigation Recommendations

Update PCL2-CE to version 2.12.0-beta.10 or later on every affected machine. Upgrading only stops new credentials from being written; log files produced by the affected beta versions still contain whatever was logged, so delete or securely wipe existing launcher logs after upgrading, and treat any third-party login credentials used while running beta.5 through beta.9 as potentially exposed and rotate them. Users should be told not to attach launcher logs to bug reports or support requests without first checking them for credentials. Endpoint policy should restrict access to the launcher's log directory and alert on unexpected reads or copies of those files; EDR tooling can flag anomalous access. Application allow-listing and a ban on installing beta or unapproved software reduce exposure in managed environments. Where PCL2-CE is required, running it in a sandbox or virtual machine limits what a compromise of the host can reach. Periodic audits of local logs for credential-like content catch residual leaks from this or similar defects. Finally, unique strong passwords and multi-factor authentication on the associated accounts limit the damage a leaked credential can do.
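The logging defect described in the Technical Analysis above and the log-audit step recommended here, shown as an added Python example. This is not PCL2-CE's own code (the page does not show its source): the field names (`password`, `access_token`, `refresh_token`, `client_secret`), the `auth.example` server, and the sample log excerpt are all constructed for the illustration. It shows the CWE-532 pattern (a debug line that dumps the whole authentication request), a logging filter that scrubs secrets from the fully formatted message regardless of which call site forgot to redact, structured redaction of a payload before it is serialised, and a scanner for auditing log files already on disk.

```python
import io
import json
import logging
import re

# Field names treated as secrets. Assumption for the example; the page does
# not say which fields PCL2-CE's third-party login actually sends.
SECRET_KEYS = {"password", "passwd", "access_token", "refresh_token", "client_secret"}
REDACTED = "[REDACTED]"

# Matches fragments such as `password=hunter2` or `"password": "hunter2"` in
# free text. Constructed for this example; tune the key list to the real app.
_SECRET_RE = re.compile(
    r'(?i)(?P<key>\b(?:' + "|".join(sorted(SECRET_KEYS)) + r')\b)'
    r'(?P<sep>"?\s*[=:]\s*"?)'
    r'(?P<val>[^"\s,&}]+)'
)


def redact_text(text: str) -> str:
    """Replace the value following any secret-looking key with a placeholder."""
    return _SECRET_RE.sub(lambda m: f"{m['key']}{m['sep']}{REDACTED}", text)


def redact_payload(payload: dict) -> dict:
    """Structured redaction: scrub secret keys (recursively) before serialising."""
    out = {}
    for key, value in payload.items():
        if key.lower() in SECRET_KEYS:
            out[key] = REDACTED
        elif isinstance(value, dict):
            out[key] = redact_payload(value)
        else:
            out[key] = value
    return out


class RedactingFilter(logging.Filter):
    """Scrub the formatted message so secrets never reach any handler."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_text(record.getMessage())
        record.args = ()  # already interpolated; prevent re-formatting
        return True


def make_logger(name: str, stream: io.StringIO, redact: bool) -> logging.Logger:
    """Logger writing to `stream`; with redact=True the filter is installed."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    if redact:
        logger.addFilter(RedactingFilter())
    return logger


def log_third_party_login(logger: logging.Logger, server: str,
                          username: str, password: str) -> None:
    """The CWE-532 mistake: a debug line that dumps the whole request body."""
    body = {"username": username, "password": password, "clientToken": "0000"}
    logger.debug("POST %s/authenticate body=%s", server, json.dumps(body))


def scan_log(text: str) -> list[tuple[int, str]]:
    """Audit an existing log: (line_no, key) for every unredacted secret found."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in _SECRET_RE.finditer(line):
            if m["val"] != REDACTED:
                hits.append((line_no, m["key"].lower()))
    return hits


# Constructed excerpt resembling a log written before the fix (not a real log).
SAMPLE_OLD_LOG = """\
[12:00:01] Launcher started
[12:00:05] [Login] authenticating steve at https://auth.example
[12:00:05] [Login] request body={"username": "steve", "password": "hunter2"}
[12:00:06] [Login] authentication OK
[12:00:07] [Login] access_token=abc123 refresh_token=def456
"""


def demo() -> tuple[str, str]:
    """Run the same login through a leaky and a redacting logger."""
    leaky, fixed = io.StringIO(), io.StringIO()
    log_third_party_login(make_logger("leaky", leaky, False),
                          "https://auth.example", "steve", "hunter2")
    log_third_party_login(make_logger("fixed", fixed, True),
                          "https://auth.example", "steve", "hunter2")
    return leaky.getvalue(), fixed.getvalue()


if __name__ == "__main__":
    leaky_out, fixed_out = demo()
    print("leaky:", leaky_out, "fixed:", fixed_out, sep="\n")
    print("audit of old log:", scan_log(SAMPLE_OLD_LOG))
```

The filter approach is the robust fix for this class of bug: scrubbing at the logging boundary catches every call site, not only the one that was noticed. The scanner is the audit step; run it over the launcher's existing log directory after upgrading, since the fix does not rewrite files already on disk.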


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-07-16T23:53:40.508Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68803137ad5a09ad0004bf4e

Added to database: 7/23/2025, 12:47:51 AM

Last enriched: 7/30/2025, 1:34:46 AM

Last updated: 9/3/2025, 3:12:13 AM
