Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2025-44137

MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web server. Affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format"

Published: Jul 29, 2025
Updated: Aug 7, 2025
CVE: CVE-2025-44137
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
maptiler / tileserver_php	2.0	2.0.x

https://github.com/maptiler/tileserver-php/issues/167
https://github.com/mheranco/CVE-2025-44137

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo