CVE-2025-23027 MEDIUM

CVE-2025-23027: BASEHUB_TOKEN committed in next-forge

Vendor Haydenbleasel
Product next-forge
Weakness CWE-312 · Cleartext storage
Published January 13, 2025
Last update January 13, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

next-forge is a Next.js project boilerplate for modern web applications. A BASEHUB_TOKEN was committed in apps/web/.env.example. Users should avoid using this token and should remove any access it may have in their systems.

Key dates

02 Disclosure timeline

January 13, 2025 CVE published
January 13, 2025 Record updated