PT-2025-31224 · Maptiler · Maptiler Tileserver-Php

Mheranco · Published 2025-07-29 · Updated 2025-11-07 · CVE-2025-44137

CVSS v3.1: 8.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions

MapTiler Tileserver-php version 2.0

Description

MapTiler Tileserver-php version 2.0 contains a directory traversal issue. The renderTile function in the tileserver.php file delivers tiles stored as files on the server in response to web requests. The way the file path is created allows "../" to be inserted, which enables reading any file on the web server. The affected GET parameters are TileMatrix, TileRow, TileCol, and Format.

Recommendations

Versions prior to 2.0 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
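
With no fixed release identified, the four affected parameters can be validated before any path is built. The following is an added example, not code from Tileserver-php or its maintainers; the function name resolveTilePath, the on-disk layout <root>/<TileMatrix>/<TileCol>/<TileRow>.<Format>, the format allowlist and the demo requests are all assumptions.

```php
<?php
// Added example, not Tileserver-php code. The on-disk layout
// <root>/<TileMatrix>/<TileCol>/<TileRow>.<Format> and the format list are assumptions.
const ALLOWED_FORMATS = ['png', 'jpg', 'jpeg', 'webp', 'pbf'];

/** Return the resolved tile path, or null when the request must be rejected. */
function resolveTilePath(string $tileRoot, array $query): ?string
{
    // Numeric parameters: digits only, so "../" can never reach the path.
    foreach (['TileMatrix', 'TileCol', 'TileRow'] as $name) {
        $value = $query[$name] ?? null;
        if (!is_string($value) || preg_match('/\A\d{1,10}\z/', $value) !== 1) {
            return null;
        }
    }
    // Format: exact match against a fixed allowlist, never used raw.
    $format = $query['Format'] ?? null;
    if (!is_string($format) || !in_array($format, ALLOWED_FORMATS, true)) {
        return null;
    }
    $root = realpath($tileRoot);
    if ($root === false) {
        return null;
    }
    $path = realpath(sprintf('%s/%s/%s/%s.%s', $root,
        $query['TileMatrix'], $query['TileCol'], $query['TileRow'], $format));
    // Defence in depth: with symlinks resolved, the file must still sit under the root.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: one real tile in a temporary directory, then three requests.
$root = sys_get_temp_dir() . '/tiles-demo-' . getmypid();
mkdir($root . '/3/4', 0700, true);
file_put_contents($root . '/3/4/5.png', 'constructed tile bytes');

$requests = [
    ['TileMatrix' => '3', 'TileCol' => '4', 'TileRow' => '5', 'Format' => 'png'],
    ['TileMatrix' => '../', 'TileCol' => '4', 'TileRow' => '5', 'Format' => 'png'],
    ['TileMatrix' => '3', 'TileCol' => '4', 'TileRow' => '5', 'Format' => 'png/../x'],
];
foreach ($requests as $q) {
    $verdict = resolveTilePath($root, $q) === null ? 'rejected' : 'served';
    echo json_encode($q), ' => ', $verdict, PHP_EOL;
}
```

Only the first constructed request is served; the other two are rejected by the digit and allowlist checks before a path is ever assembled.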

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-44137

Affected Products

Maptiler Tileserver-Php