CVE-2025-2091
MEDIUM WAF: Medium
CVSS 5.4
Published: 2025-06-16
CWE-601
An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| m-files | m-files_mobile | up to 25.6.0 |
| m-files | m-files_mobile | up to 25.6.0 |
References
- empower.m-files.com
- product.m-files.com (Vendor Advisory)