1. Home
  2. CVE Database
  3. CVE-2025-44137
HIGH · 8.2

CVE-2025-44137

MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web requ...

Vulnerability Description

MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web server. Affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format"

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
MaptilerTileserver Php2.0

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2025-44137?

CVE-2025-44137 is a vulnerability with a CVSS score of 8.2 (HIGH). MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web requ...

How severe is CVE-2025-44137?

CVE-2025-44137 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-44137?

Check the references section above for vendor advisories and patch information. Affected products include: Maptiler Tileserver Php.