CVE-2025-2091

Published: Jun 16, 2025

Modified: Feb 23, 2026

PUBLISHED

Description

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.

Vendor	Product	Versions
M-Files Corporation	M-Files Mobile	affected `0 - < 25.6.0`

Weaknesses (CWE)

CWE-601

References

https://product.m-files.com/security-advisories/cve-2025-2091

vendor-advisory

https://empower.m-files.com/security-advisories/CVE-2025-2091

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-2091

Description

Affected Products

Weaknesses (CWE)

References