CVE-2025-53018 | Lychee up to 6.6.12 /api/v2/Photo::fromUrl fopen server-side request forgery (GHSA-cpgw-wgf3-xc6v)

A vulnerability was found in Lychee up to 6.6.12. It has been rated as problematic. Affected by this issue is the function fopen of the file /api/v2/Photo::fromUrl. The manipulation leads to server-side request forgery.

This vulnerability is handled as CVE-2025-53018. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More