Lychee · Lychee · CVE-2026-33537
**Name of the Vulnerable Software and Affected Versions**
Lychee versions prior to 7.5.1
**Description**
Lychee is a free, open-source photo-management tool. The patch for an SSRF issue related to `Photo::fromUrl` contains an incomplete IP validation check that does not block loopback and link-local addresses. Before version 7.5.1, an authenticated user could reach internal services by supplying direct IP addresses, bypassing all four protection configurations even with the secure default settings.
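As an added illustration (written in Python; it is not Lychee's code and not the actual patch), the sketch below contrasts a check that refuses only private ranges with one that also refuses loopback and link-local addresses, the two classes the description says were missed. All function names and sample URLs are constructed, and the IPv4-mapped IPv6 case goes beyond what the advisory states.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed illustration; not Lychee's code. All names here are hypothetical.
PRIVATE_ONLY = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def literal_ip(url):
    """Return the IP literal used as the URL host, or None for a hostname."""
    host = urlsplit(url).hostname
    try:
        ip = ipaddress.ip_address(host or "")
    except ValueError:
        return None
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the IPv4 address it carries.
    return getattr(ip, "ipv4_mapped", None) or ip

def weak_blocks(ip):
    """Incomplete check: only private ranges are refused."""
    return any(ip.version == net.version and ip in net for net in PRIVATE_ONLY)

def strict_blocks(ip):
    """Refuse every non-public class, including loopback and link-local."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def missed_by_weak(urls):
    """URLs with an IP-literal host that only the strict check refuses."""
    out = []
    for url in urls:
        ip = literal_ip(url)
        if ip is not None and strict_blocks(ip) and not weak_blocks(ip):
            out.append(url)
    return out

# Constructed sample inputs.
SAMPLES = [
    "http://10.0.0.5/a.jpg",            # private: both checks refuse
    "http://127.0.0.1:8080/a.jpg",      # IPv4 loopback
    "http://169.254.10.20/a.jpg",       # IPv4 link-local
    "http://[::1]/a.jpg",               # IPv6 loopback
    "http://[fe80::1]/a.jpg",           # IPv6 link-local
    "http://[::ffff:127.0.0.1]/a.jpg",  # IPv4-mapped loopback
    "http://8.8.8.8/a.jpg",             # public: both checks allow
]

if __name__ == "__main__":
    for url in missed_by_weak(SAMPLES):
        print("weak check allows:", url)
```

Hostnames return `None` from `literal_ip` and are out of scope here; a complete check would also validate the addresses a hostname resolves to.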
**Recommendations**
Update to version 7.5.1 or later.