Description

MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web server. Affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format"

INFO

Published Date :

2025-07-29T00:00:00.000Z

Last Modified :

2026-01-20T20:30:09.461Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-44137 vulnerability.

Vendors Products
Maptiler
  • Tileserver Php
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-44137.

URL Resource
https://github.com/maptiler/tileserver-php/commit/4fe14e6164bbe2a3f9e3b3d7acf303e3ec210c8e cve-icon cve-icon
https://github.com/maptiler/tileserver-php/issues/167 cve-icon cve-icon
https://github.com/mheranco/CVE-2025-44137 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact