CVE-2025-2091

Severity CVSS v4.0:

MEDIUM

Type:

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Publication date:

16/06/2025

Last modified:

16/06/2025

Description

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green CVSS v4.0 Severity and Metrics:

Base Score: 4.80 MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): Low
User Interaction (UI): Active
Confidentiality (VC): Low
Integrity (VI): None
Availability (VA): None
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None
Vulnerability Response Effort (RE): Moderate
Provider Urgency (U): Green

Base Score 4.0

4.80

Severity 4.0

MEDIUM

References to Advisories, Solutions, and Tools

https://product.m-files.com/security-advisories/cve-2025-2091