Security Advisory

CVE-2025-50202

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-18 04:13:01

Last updated 2025-06-18 14:00:25

Assigner GitHub_M

State PUBLISHED

Description

Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other users uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue has been patched in version 6.6.10.

← Browse all CVEs View on cve.org ↗