CVE-2025-44137

Published: Jul 29, 2025

Modified: Jan 20, 2026

PUBLISHED

Description

MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web server. Affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format"

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/maptiler/tileserver-php/issues/167

https://github.com/mheranco/CVE-2025-44137

https://github.com/maptiler/tileserver-php/commit/4fe14e6164bbe2a3f9e3b3d7acf303e3ec210c8e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-44137

Description

Affected Products

References