Unrated severityNVD Advisory· Published Jul 29, 2025· Updated Jul 29, 2025

CVE-2025-44136

Description

MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser.

Affected products

MapTiler/Tileserver-phpdescription
Maptiler/Tileserver Glllm-fuzzy
Range: = 2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/maptiler/tileserver-php/issues/167mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000