CVE-2025-2091
MEDIUMM-Files Mobile < 25.6.0 - Open Redirect via Malicious PDF File
Title source: llmDescription
An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://product.m-files.com/security-advisories/cve-2025-2091
Various Sources vendor-advisory
https://empower.m-files.com/security-advisories/CVE-2025-2091
Scores
CVSS v3
5.4
EPSS
0.0023
EPSS Percentile
14.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (1)
m-files/m-files_mobile
< 25.6.0 (2 CPE variants)
Published
Jun 16, 2025
Tracked Since
Feb 18, 2026