CVE-2025-44137
Published 2025-07-29
Priority: P2 (79) · CVSS 3.1: 8.2 (high)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Flags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.36% (68.3rd percentile)
MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus reading any file on the web server. Affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format".
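The following is an added example, not the tileserver.php source: a small Python model of the behaviour the description gives (the four GET parameters concatenated into a file path with no validation), beside a hardened variant that allow-lists each parameter and then checks the canonical path. The concatenation layout, the sandbox directory, the sample tile and the stand-in for /etc/passwd are all constructed for this example.

```python
"""Model of the path construction behind CVE-2025-44137 (added example).

This is NOT the tileserver.php source: it is a Python model of the
described behaviour, i.e. TileMatrix/TileRow/TileCol/Format are glued into
a file path without validation. The concatenation layout, the argument
order and the sandbox directories are assumptions made for this example.
"""
import os
import re
import tempfile

# Constructed sandbox: a tile tree plus one file outside it that stands in
# for /etc/passwd.
ROOT = tempfile.mkdtemp(prefix="tileserver-demo-")
TILES = os.path.join(ROOT, "tiles", "layer")
os.makedirs(os.path.join(TILES, "1", "1"))
TILE_BYTES = b"\x89PNG fake tile"
with open(os.path.join(TILES, "1", "1", "1.png"), "wb") as fh:
    fh.write(TILE_BYTES)
with open(os.path.join(ROOT, "passwd"), "w", encoding="ascii") as fh:
    fh.write("root:x:0:0:root:/root:/bin/bash\n")


def render_tile_vulnerable(tile_matrix, tile_row, tile_col, fmt):
    """Vulnerable model: PHP-style string concatenation of the parameters.

    Because the pieces are joined as text, a leading '/' in a parameter does
    not reset the path (unlike os.path.join), so '../' sequences in any of
    the four parameters walk out of the tile directory.
    """
    path = f"{TILES}/{tile_matrix}/{tile_row}/{tile_col}.{fmt}"
    with open(path, "rb") as fh:
        return fh.read()


# Hardened variant: allow-list each parameter first, then confirm that the
# canonical path is still below the tile root (defence in depth against
# anything the allow-list missed, e.g. a symlink planted in the tile tree,
# which os.path.realpath resolves before the prefix check).
_COORD = re.compile(r"[0-9]{1,10}")      # tile coordinates are integers
_FORMAT = re.compile(r"[a-z0-9]{1,8}")   # Format is a bare extension


def render_tile_hardened(tile_matrix, tile_row, tile_col, fmt):
    for value, pattern in ((tile_matrix, _COORD), (tile_row, _COORD),
                           (tile_col, _COORD), (fmt, _FORMAT)):
        if pattern.fullmatch(value) is None:
            raise ValueError(f"rejected parameter value {value!r}")
    base = os.path.realpath(TILES) + os.sep
    path = os.path.realpath(f"{TILES}/{tile_matrix}/{tile_row}/{tile_col}.{fmt}")
    if not path.startswith(base):
        raise ValueError("resolved path escapes the tile directory")
    with open(path, "rb") as fh:
        return fh.read()


def traversal_demo():
    """Send the same traversal to both variants and report the outcome."""
    # Traversal via Format, mirroring the indexed IOC where the value starts
    # with '/../'. An empty TileCol leaves a bare '.' segment, which the OS
    # resolves as a directory, so the '..' steps start from the TileRow dir.
    params = ("1", "1", "", "/../../../../passwd")
    leaked = render_tile_vulnerable(*params)
    try:
        render_tile_hardened(*params)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked
```

The allow-list is the primary control; the realpath prefix check is there so that a value the allow-list did not anticipate, or a symlink inside the tile tree, still cannot serve a file from outside the tile root.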
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| maptiler | tileserver_php | — | — |
Detection & IOCs (extracted from sources)
URL: /tileserver.php/x/1/1/1?Format=/../../../../../../../../../../../../../../etc/passwd&Request=x&layer=.
- Exploit targets the GET parameters TileMatrix, TileRow, TileCol, and Format in requests to tileserver.php, injecting directory traversal sequences (../) to read arbitrary files.
- Detect successful exploitation by matching HTTP 200 responses from tileserver.php with a Content-Type of image/ and a body containing the /etc/passwd pattern root:.*:0:0:, which indicates a file read via traversal. This response-side rule only fires when the file read was /etc/passwd; reads of other files (configuration, keys) have to be caught on the request side.
- The vulnerability is unauthenticated (PR:N, UI:N); no credentials or user interaction are required. Monitor for anomalous GET requests to tileserver.php containing ../ sequences (including percent-encoded forms) in any of the four affected parameters.
- The vulnerability is reported for MapTiler Tileserver-php v2.0 specifically; other versions are not confirmed affected.
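The two signals above as working detection logic, run over constructed proxy log records. This is an added example, not a rule from VulnCheck, Nuclei or any vendor; the record layout (dicts with url/status/content_type/body), the source addresses and the sample requests are assumptions made here, while the parameter names and the root:.*:0:0: pattern come from the advisory text. It goes slightly beyond the text by also catching double-percent-encoded and backslash traversal sequences.

```python
"""Request-side and response-side detection for CVE-2025-44137 (added
example). Record layout and sample traffic are constructed; nothing here
is real traffic or a vendor rule."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

AFFECTED_PARAMS = ("TileMatrix", "TileRow", "TileCol", "Format")
# A '..' path segment bounded by '/' or '\' (or the string edge).
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
# The /etc/passwd root line used by the response-side rule.
PASSWD_LINE = re.compile(r"root:.*:0:0:")


def fully_decode(value):
    """Percent-decode until stable so a double-encoded payload such as
    %252e%252e%252f ends up as '../' like a single-encoded one."""
    while True:
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded


def request_hits(method, url):
    """Names of affected parameters that carry a traversal sequence."""
    if method != "GET":
        return []
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)  # decodes once
    return [name for name in AFFECTED_PARAMS
            if any(TRAVERSAL.search(fully_decode(v)) for v in query.get(name, []))]


def response_hit(status, content_type, body):
    """Confirmed read: 200, an image Content-Type, and passwd content."""
    return (status == 200
            and content_type.lower().startswith("image/")
            and PASSWD_LINE.search(body) is not None)


def scan(records):
    """One alert per tileserver.php record that trips either signal."""
    alerts = []
    for rec in records:
        if "tileserver.php" not in urlsplit(rec["url"]).path.lower():
            continue
        params = request_hits(rec["method"], rec["url"])
        confirmed = response_hit(rec["status"], rec["content_type"], rec["body"])
        if params or confirmed:
            alerts.append({"src": rec["src"], "params": params, "file_read": confirmed})
    return alerts


# Constructed records (addresses from documentation ranges, not real traffic).
SAMPLE_RECORDS = [
    {"src": "203.0.113.10", "method": "GET",   # benign tile request
     "url": "/tileserver.php/osm/1/1/1.png?TileMatrix=1&TileRow=1&TileCol=1&Format=png",
     "status": 200, "content_type": "image/png", "body": "\x89PNG fake tile"},
    {"src": "198.51.100.7", "method": "GET",   # attempt, percent-encoded, not served
     "url": "/tileserver.php?TileMatrix=1&TileRow=1&TileCol=1&Format=..%2F..%2F..%2Fetc%2Fpasswd",
     "status": 404, "content_type": "text/html", "body": "Not Found"},
    {"src": "198.51.100.7", "method": "GET",   # the indexed IOC, successful
     "url": "/tileserver.php/x/1/1/1?Format=/../../../../../../../../../../../../../../etc/passwd&Request=x&layer=.",
     "status": 200, "content_type": "image/png", "body": "root:x:0:0:root:/root:/bin/bash\n"},
    {"src": "192.0.2.44", "method": "GET",     # double-encoded, reads a config file
     "url": "/tileserver.php?TileMatrix=1&TileRow=%252e%252e%252f%252e%252e%252fconfig.php&TileCol=1&Format=png",
     "status": 200, "content_type": "image/png", "body": "<?php $dbpass = 'hunter2';"},
    {"src": "192.0.2.9", "method": "GET",      # traversal, but not tileserver.php
     "url": "/index.html?Format=../../etc/passwd",
     "status": 200, "content_type": "text/html", "body": "<html>"},
]
```

Running scan(SAMPLE_RECORDS) yields three alerts: the blocked attempt and the config-file read fire only on the request side, and only the /etc/passwd read is marked file_read, which is the gap the request-side rule exists to close.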
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N |
| VulnCheck | | 8.2 | HIGH | |
GHSA
GHSA-cw3g-mjrp-g48q: MapTiler Tileserver-php v2
GHSA (unreviewed) · 2025-07-29 · CVE-2025-44137 · HIGH · CWE-22
VulnCheck
maptiler tileserver_php: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
VulnCheck · 2025 · CVE-2025-44137 · CVSS 8.2 · HIGH
Affected: maptiler tileserver_php
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2025-44137
Exploit PoC: https://vulncheck.com/xdb/
No detection rules found.
Nuclei
MapTiler Tileserver-php v2.0 - Unauthenticated File Read
Nuclei · CVE-2025-44137 · CVSS 8.2 · HIGH
MapTiler Tileserver-php v2.0 contains a directory traversal caused by improper sanitization of GET parameters in the renderTile function, letting attackers read arbitrary files on the server; exploitation requires only crafted web requests.
Template (truncated):
```yaml
id: CVE-2025-44137

info:
  name: MapTiler Tileserver-php v2.0 - Unauthenticated File Read
  author: 0x_Akoko
  severity: high
  description: |
    MapTiler Tileserver-php v2.0 contains a directory traversal caused by improper sanitization of GET parameters in renderTile function, letting attackers read arbitrary files on the server, exploit requires crafted web requests
  impact: |
    Attackers can read arbitrary files on the server, potentially exposing sensitive information.
  remediation: |
    Update to the latest ve
```
No writeups or analysis indexed.
2025-07-29: Published
Exploited in the wild