VYPR
High severity 7.5 · OSV Advisory · Published Jun 18, 2025 · Updated Apr 15, 2026

CVE-2025-50202

Description

Lychee is a free photo-management tool. In versions from 6.6.6 up to, but not including, 6.6.10, an attacker can leak local files, including environment variables, nginx logs, other users' uploaded images, and configuration secrets, through a path traversal vulnerability in SecurePathController.php. This issue has been patched in version 6.6.10.

Affected products

2
  • Lycheeorg/Lychee · OSV · 2 versions
    v4.0.0, v4.0.0-alpha.1, v4.0.0-beta.1, …+ 1 more
    • (no CPE) range: v4.0.0, v4.0.0-alpha.1, v4.0.0-beta.1, …
    • (no CPE) range: >=6.6.6 <6.6.10
