CVE-2025-14517 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity  of the file AndroidManifest.xml. Executing manipulation can le…
Medium CVSS: 4.8

CVE-2025-14517

A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity  of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Vendor
Yalantis
Product
Ucrop
CWE
CWE-926
Yayın Tarihi
2025-12-11 14:16:20
Güncelleme
2026-03-05 19:04:16
Source Identifier
cna@vuldb.com
KEV Date Added
-

Kategoriler

CWE-926 Ucrop MEDIUM Yalantis 2025

Referanslar

https://mesquite-dream-86b.notion.site/uCrop-Library-SSRF-and-Intent-Spoofing-2b8512562197804dae69edf96b942446#469832583e0444dcb3d08b0ca661d1c6 https://mesquite-dream-86b.notion.site/uCrop-Library-SSRF-and-Intent-Spoofing-2b8512562197804dae69edf96b942446?source=copy_link https://vuldb.com/?ctiid.335855 https://vuldb.com/?id.335855 https://vuldb.com/?submit.702811