CVE-2025-44137
published 2025-07-29


Priority: P2 (79, high)
CVSS 3.1: 8.2 (HIGH), vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Exploitation: listed in VulnCheck KEV (exploited in the wild)
EPSS: 1.36% (68.3rd percentile)
MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server in response to web requests. Because the file path is built from request input, "../" sequences can be inserted into it, allowing any file on the web server to be read. The affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format".

Affected (1 range)

Vendor: maptiler
Product: tileserver_php
Version range: (none listed)
Fixed in: (none listed)

Detection & IOCs (extracted from sources)

URL: /tileserver.php/x/1/1/1?Format=/../../../../../../../../../../../../../../etc/passwd&Request=x&layer=.
Path: /tileserver.php
Shodan query: title:"TileServer-php"
FOFA query: title="TileServer-php"
  • Exploit targets GET parameters TileMatrix, TileRow, TileCol, and Format in requests to tileserver.php, injecting directory traversal sequences (../) to read arbitrary files.
  • Detect exploitation by matching HTTP 200 responses to tileserver.php with a Content-Type of 'image/' AND a body containing the /etc/passwd pattern (root:.*:0:0:), indicating successful file read via traversal.
  • The vulnerability is unauthenticated (PR:N, UI:N); no credentials or user interaction required. Monitor for anomalous GET requests to tileserver.php containing repeated '../' sequences in any of the four affected parameters.
  • Vulnerability is limited to MapTiler Tileserver-php v2.0 specifically; other versions are not confirmed affected.
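The two detection notes above, implemented as an added example (not code from the page or from MapTiler): the request-side check flags GET requests to tileserver.php carrying a "../" segment in TileMatrix, TileRow, TileCol or Format, and the response-side check confirms a read via a 200 "image/*" reply whose body matches root:.*:0:0:. The common-log-format layout and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (common log format assumed): the first two are
# traversal attempts against affected parameters, the last two are benign.
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Jul/2025:10:00:01 +0000] "GET /tileserver.php/x/1/1/1?Format=/../../../../../../../../etc/passwd&Request=x&layer=. HTTP/1.1" 200 1843',
    '10.0.0.6 - - [29/Jul/2025:10:00:02 +0000] "GET /tileserver.php?TileMatrix=..%2f..%2f..%2fetc%2fhosts&TileRow=1&TileCol=1&Format=png HTTP/1.1" 200 512',
    '10.0.0.7 - - [29/Jul/2025:10:00:03 +0000] "GET /tileserver.php?TileMatrix=3&TileRow=1&TileCol=1&Format=png HTTP/1.1" 200 4096',
    '10.0.0.8 - - [29/Jul/2025:10:00:04 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 200 300',
]

AFFECTED_PARAMS = {"TileMatrix", "TileRow", "TileCol", "Format"}
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")   # a "../" or "..\" path segment
PASSWD_ROOT = re.compile(r"root:.*:0:0:")           # /etc/passwd pattern quoted above
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def traversal_params(target: str) -> list[str]:
    """Names of affected tileserver.php parameters whose value carries a '..' segment."""
    parts = urlsplit(target)
    if "tileserver.php" not in parts.path:
        return []
    hits = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        # parse_qs decodes once; decode again to catch %252e-style double encoding
        if name in AFFECTED_PARAMS and any(TRAVERSAL.search(unquote(v)) for v in values):
            hits.append(name)
    return sorted(hits)


def scan_log(lines) -> list[dict]:
    """Request-side detection over access-log lines; one finding per suspicious GET."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and m.group("method") == "GET":
            hits = traversal_params(m.group("target"))
            if hits:
                findings.append({"status": int(m.group("status")), "params": hits})
    return findings


def response_indicates_leak(status: int, content_type: str, body: str) -> bool:
    """Response-side confirmation: a 200 'image/*' reply whose body is /etc/passwd content."""
    return status == 200 and content_type.startswith("image/") and PASSWD_ROOT.search(body) is not None


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```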

CVSS provenance

NVD: v3.1 8.2 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
VulnCheck: 8.2 HIGH