
CVE-2025-2091: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in M-Files Corporation M-Files Mobile

Severity: Medium
Tags: Vulnerability, CVE-2025-2091, CWE-601
Published: Mon Jun 16 2025 (06/16/2025, 08:27:13 UTC)
Source: CVE Database V5
Vendor/Project: M-Files Corporation
Product: M-Files Mobile

Description

An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.

AI-Powered Analysis

Last updated: 06/16/2025, 09:04:53 UTC

Technical Analysis

CVE-2025-2091 is an open redirection vulnerability (CWE-601) in the M-Files Mobile applications for Android and iOS in versions prior to 25.6.0. An attacker can craft a malicious PDF file that, when opened by a user within the M-Files Mobile app, triggers a redirection to an untrusted external URL. The root cause is that the application does not properly validate or sanitize URL parameters embedded in the PDF content, so the attacker controls the redirection target.

The vulnerability is exploitable over the network without prior authentication, but it requires user interaction: the victim must open the malicious PDF. The CVSS 4.0 base score is 4.8 (medium severity), reflecting low confidentiality and integrity impact, with residual risk from the user-interaction path and the possibility of redirecting users to phishing or malware-hosting sites. There are no known exploits in the wild as of the publication date (June 16, 2025), and no patches have been linked yet.

Both Android and iOS, which are widely used in enterprise environments, are affected. The attack vector is remote and the attack complexity is low, but the attacker must convince a user to open a crafted PDF, so social engineering is a key component. The vulnerability does not directly impact system availability or data integrity, but it can be leveraged as part of a broader attack chain such as phishing, credential theft, or malware delivery via the redirected URL. The absence of an authentication requirement widens the potential attack surface, especially in organizations where M-Files Mobile is used extensively for document management and collaboration on mobile devices.
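The missing control the analysis describes is a validation step between "a link target was extracted from a document" and "the app opens it". The following is an added example of that check for a document viewer, written here to illustrate the CWE-601 fix pattern; it is not M-Files code, and the allowlisted hosts and sample link targets are constructed. It handles the variants that make open-redirect checks fail in practice: scheme downgrades, scheme-relative links, look-alike host suffixes, userinfo before an "@", and parser-confusing characters.

```python
"""Allowlist check for link targets extracted from a document viewer.

Added illustration of the CWE-601 fix pattern; this is not M-Files code and
the hosts below are constructed for the example.
"""
from urllib.parse import urlsplit

# Constructed allowlist of the only destinations the viewer may open.
ALLOWED_SCHEMES = frozenset({"https"})
ALLOWED_HOSTS = frozenset({"vault.example.com", "docs.example.com"})


def is_safe_redirect_target(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only for an absolute https URL whose host is allowlisted.

    Every branch that returns False corresponds to a way an attacker-supplied
    link can look trustworthy to a human or to a lenient parser.
    """
    if not isinstance(url, str) or not url or len(url) > 2048:
        return False
    # Some URL parsers treat "\" as "/", so "https:\\host" may be read as an
    # authority by the platform but not by urlsplit; refuse to guess.
    if "\\" in url:
        return False
    # Control characters and whitespace inside a URL are parser-confusion
    # material (CR/LF, tabs, NUL), not legitimate link content.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    # Scheme allowlist: rejects relative links, "//host" scheme-relative
    # links, and non-web schemes alike.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    # Reject userinfo so "https://trusted.host@evil.example" cannot pass on
    # the strength of what a reader sees before the "@".
    if not parts.netloc or "@" in parts.netloc:
        return False
    host = parts.hostname  # lower-cased, port and IPv6 brackets stripped
    return host is not None and host in allowed_hosts


def resolve_redirect(requested: str, fallback: str) -> str:
    """Return the requested target if it passes the check, else the fallback.

    The fallback is an in-app destination the viewer controls, so a URL
    smuggled into a document never becomes the navigation target.
    """
    return requested if is_safe_redirect_target(requested) else fallback


def classify_links(links):
    """Partition extracted link targets into (allowed, blocked) lists."""
    allowed, blocked = [], []
    for link in links:
        (allowed if is_safe_redirect_target(link) else blocked).append(link)
    return allowed, blocked


# Constructed sample of link targets as a PDF parser might hand them over.
SAMPLE_LINKS = [
    "https://vault.example.com/views/123",
    "HTTPS://DOCS.EXAMPLE.COM:443/guide",
    "http://vault.example.com/views/123",        # downgraded scheme
    "//vault.example.com/views/123",             # scheme-relative
    "https://vault.example.com.evil.example/",   # look-alike suffix
    "https://vault.example.com@evil.example/",   # userinfo trick
    "https://evil.example/?next=https://vault.example.com/",
]

if __name__ == "__main__":
    ok, bad = classify_links(SAMPLE_LINKS)
    print("allowed:", ok)
    print("blocked:", bad)
```

The design choice worth noting is that the check is an allowlist on the parsed host, not a denylist of bad strings and not a `startswith("https://vault.example.com")` prefix test; the look-alike and userinfo samples above pass a prefix test and fail this one. Where a viewer must open arbitrary external links, the equivalent mitigation is an interstitial that shows the parsed host to the user before navigating.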

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily through social engineering and phishing campaigns. Since M-Files Mobile is used for accessing sensitive documents on mobile devices, attackers could exploit this vulnerability to redirect users to malicious websites that mimic legitimate services, potentially leading to credential compromise or malware infection. This could result in unauthorized access to corporate resources, data breaches, or lateral movement within networks. The impact on confidentiality is moderate due to the possibility of credential theft or exposure of sensitive information via phishing. Integrity and availability impacts are minimal directly but could be consequential if combined with other attack vectors. Given the mobile nature of the app, users working remotely or on the go are particularly vulnerable, increasing the risk in hybrid or remote work environments common in Europe. Additionally, sectors with high regulatory requirements such as finance, healthcare, and government could face compliance risks if such an attack leads to data leakage or unauthorized access. The absence of known exploits currently reduces immediate risk but does not preclude future exploitation, especially as threat actors often weaponize open redirect vulnerabilities for phishing campaigns.

Mitigation Recommendations

1. Upgrade to M-Files Mobile version 25.6.0 or later as soon as it is available; this release contains the fix for the open redirect vulnerability.
2. Until patching is possible, use mobile device management (MDM) policies to restrict opening PDF files from untrusted sources within the M-Files Mobile app.
3. Educate users about the risks of opening unsolicited or suspicious PDF attachments, emphasizing caution with documents received via email or messaging apps.
4. Employ email security gateways with advanced attachment scanning and URL rewriting to detect and block malicious PDFs or suspicious URLs before they reach end users.
5. Monitor network traffic for unusual outbound connections to untrusted domains that could indicate exploitation attempts.
6. Use URL filtering and web proxy solutions to block access to known malicious or untrusted sites, reducing the impact of any redirected requests.
7. Conduct regular phishing simulation exercises to raise awareness of, and resilience against, social engineering attacks leveraging this vulnerability.
8. Coordinate with M-Files support and subscribe to their security advisories to receive timely updates and patches.


Technical Details

Data Version: 5.1
Assigner Short Name: M-Files Corporation
Date Reserved: 2025-03-07T11:57:54.664Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 684fda92a8c921274383e0a4

Added to database: 6/16/2025, 8:49:22 AM

Last enriched: 6/16/2025, 9:04:53 AM

Last updated: 8/15/2025, 11:04:34 PM

