CVE-2025-23027 BASEHUB_TOKEN commited in next-forge

next-forge is a Next.js project boilerplate for modern web application. The BASEHUBTOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems...

CVE-2025-23027 BASEHUB_TOKEN commited in next-forge

next-forge is a Next.js project boilerplate for modern web application. The BASEHUBTOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems...

CVE-2025-23027

CVE-2025-23027 affects the next-forge Next.js boilerplate. The root cause is a BASEHUB_TOKEN committed in apps/web/.env.example, exposing credentials and potentially granting unauthorized access if the token is active. Public references (NVD/Red Hat/OSV and others) describe the issue in terms of ...

next-forge 安全漏洞

next-forge is a production-grade Turborepo template for the Next.js application by Hayden Bleasel, an individual developer. A security vulnerability exists in versions prior to next-forge 3.0.11 that stems from the submission of BASEHUBTOKEN in the apps/web/.env.example file, which could lead to...