CVE-2025-50202
Published
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue has been patched in version 6.6.10.
A great looking and easy-to-use photo-management-system you can run on your server, to manage and share photos.
GitHub