CVE-2025-44137

HIGH · EXPLOITED · NUCLEI

MapTiler Tileserver-php v2.0 - Path Traversal via TileMatrix, TileRow, TileCol, and Format Parameters

Title source: llm

Exploitation Summary

CVE-2025-44137 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including mheranco. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC demonstrates an unauthenticated directory traversal vulnerability in MapTiler Tileserver-php v2.0, allowing arbitrary file read via manipulated GET parameters. The exploit leverages improper path sanitization in the `renderTile` function to traverse directories and access sensitive files like `/etc/passwd`.

Description

MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server in response to web requests. When the file path is constructed, "../" sequences can be inserted, which allows any file on the web server to be read. The affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format".

Exploits (1)

nomisec · WORKING POC
by mheranco · infoleak
https://github.com/mheranco/CVE-2025-44137

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: MapTiler Tileserver-php v2.0
Authentication: No auth needed
Prerequisites: Network access to the vulnerable Tileserver-php instance
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

MapTiler Tileserver-php v2.0 - Unauthenticated File Read
HIGH · VERIFIED · by 0x_Akoko
Shodan: title:"TileServer-php"
FOFA: title="TileServer-php"

Scores

CVSS v3 8.2
EPSS 0.0061
EPSS Percentile 70.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2025-11-27
CWE: CWE-22
Status published
Products (1)
maptiler/tileserver_php 2.0
Published Jul 29, 2025
Tracked Since Feb 18, 2026