CVE-2025-2091 MEDIUM

CVE-2025-2091: Open redirection in M-Files Mobile

Vendor M-Files Corporation
Product M-Files Mobile
Weakness CWE-601 · Open redirect
Published June 16, 2025
Last update February 23, 2026

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green

What the vulnerability does

01Description

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.

Key dates

02Disclosure timeline

June 16, 2025 CVE published
February 23, 2026 Record updated