Open Redirection Vulnerability in M-Files Mobile Applications for Android and iOS
CVE-2025-2091

4.8MEDIUM

Key Information:

Vendor: M-files Corporation
Status: M-files Mobile
Vendor: CVE Published:; 16 June 2025

🔔 Create M-files Corporation Vulnerability Alert

What is CVE-2025-2091?

The M-Files mobile applications for Android and iOS prior to version 25.6.0 are susceptible to an open redirection flaw. This vulnerability enables attackers to exploit maliciously crafted PDF files to mislead users, leading them to make requests to potentially harmful and untrusted URLs. Users of the affected versions must take precautions to avoid falling prey to these deceptive tactics.

Affected Version(s)

M-Files Mobile Android 0 < 25.6.0

References

https://product.m-files.com/security-advisories/cve-2025-...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2025
Vulnerability Reserved
Mar 7, 2025

Credit

Pasi Orovuo / Solita Oy

Teemu Laakso / Solita Oy