Security Vulnerability in Storybook Affects Environment Variable Handling
CVE-2025-68429
What is CVE-2025-68429?
A security vulnerability exists in Storybook, a popular tool for building user interface components, affecting versions prior to 7.6.21, 8.6.15, 9.1.17, and 10.1.10. If Storybook is built in a directory that contains a .env file, sensitive environment variables from that file could be inadvertently included in the build output, making them accessible to the public once the build is deployed. To mitigate this issue, users are advised to upgrade to the recommended versions and to review any .env files so that sensitive information is not included in deployments. It is also recommended to adapt how environment variables are referenced so that no secrets are exposed.
Affected Version(s)
storybook >= 7.0.0, < 7.6.21
storybook >= 8.0.0, < 8.6.15
storybook >= 9.0.0, < 9.1.17
