CNNVD-202507-3620 Information

CNNVD ID

CNNVD-202507-3620

Related CVE

CVE-2025-44137

• CNNVD Published: 2025-07-29

Description (Chinese)

TileServer PHP是MapTiler开源的一个文件夹托管软件。 TileServer PHP v2.0版本存在安全漏洞，该漏洞源于renderTile函数允许路径遍历，可能导致读取任意文件。

Description (English)

TileServer PHP is a folder hosting software for MapTiler Open Source. There is a security loophole in version TileServer PHP v2.0, which originates from the EnderTile function, which allows the path to go through and may lead to the reading of any file.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

MapTiler

Published

2025-07-29

Last Modified

2026-02-24

References

https://github.com/mheranco/CVE-2025-44137 https://github.com/maptiler/tileserver-php/issues/167 https://access.redhat.com/security/cve/cve-2025-44137