CVE-2025-44137 · HIGH 8.2 · EPSS p66.8%

Description

MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function in tileserver.php serves tiles that are stored as files on the server in response to web requests. When it builds the path to a file, "../" sequences can be inserted, which allows reading any file on the web server. The affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format".

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS: 1.30% probability of exploitation · percentile 66.8% · 2026-06-18T12:00:27Z
Published: 2025-07-29
Last modified: 2026-01-20

Underlying weaknesses · 1

CWE-22

References

  1. https://github.com/maptiler/tileserver-php/commit/4fe14e6164bbe2a3f9e3b3d7acf303e3ec210c8e
  2. https://github.com/maptiler/tileserver-php/issues/167
  3. https://github.com/mheranco/CVE-2025-44137

Type: Weakness
Target: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-44136
  2. CVE-2025-3365
  3. CVE-2025-48292
  4. CVE-2025-39491
  5. CVE-2025-4545
  6. CVE-2025-41368

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.