{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T20:23:04.092","vulnerabilities":[{"cve":{"id":"CVE-2025-50202","sourceIdentifier":"security-advisories@github.com","published":"2025-06-18T05:15:49.900","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue has been patched in version 6.6.10."},{"lang":"es","value":"Lychee es una herramienta gratuita de gestión de fotos. En versiones anteriores a la 6.6.6 y anteriores a la 6.6.10, un atacante puede filtrar archivos locales, incluyendo variables de entorno, registros de nginx, imágenes subidas por otros usuarios y secretos de configuración, gracias a un exploit de path traversal en SecurePathController.php. Este problema se ha corregido en la versión 6.6.10."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/LycheeOrg/Lychee/blob/0709f5d984d4df77fc5e23a29a0231437e684e99/app/Http/Controllers/SecurePathController.php#L61","source":"security-advisories@github.com"},{"url":"https://github.com/LycheeOrg/Lychee/commit/ae7270b7b47e4a284ea1f69d260e52d592711072","source":"security-advisories@github.com"},{"url":"https://github.com/LycheeOrg/Lychee/security/advisories/GHSA-6rj9-gm78-vhf9","source":"security-advisories@github.com"}]}}]}