CVE-2025-14517

Name of the Vulnerable Software and Affected Versions Yalantis uCrop version 2.2.11

Description A flaw exists in the UCropActivity function within the AndroidManifest.xml file. Exploitation of this issue can lead to improper export of Android application components. The attack can only be executed locally. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.