Medium severityNVD Advisory· Published Jan 13, 2025· Updated Apr 15, 2026

CVE-2025-23027

Description

next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems.

Patches

c8ab3359cec0

https://github.com/haydenbleasel/next-forgevia osv

239a98f2c308

https://github.com/vercel/next-forgevia osv

239a98f2c308

https://github.com/haydenbleasel/next-forgevia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/haydenbleasel/next-forge/commit/239a98f2c308a51d626ae0613102917f82603c1cnvd
github.com/haydenbleasel/next-forge/security/advisories/GHSA-wppx-qmqh-9h33nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000