CVE-2025-34248: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in D-Link Nuclias Connect
CVE-2025-34248 is a high-severity directory traversal vulnerability in D-Link Nuclias Connect firmware versions prior to 1.3.1.4. It exists in the /api/web/dnc/global/database/deleteBackup endpoint due to improper sanitization of the deleteBackupList parameter. An authenticated attacker can exploit this flaw to delete arbitrary files on the device, impacting system integrity and availability. The vulnerability requires low attack complexity, no user interaction, and only limited privileges. Although no known exploits are reported in the wild, the potential damage to network infrastructure devices is significant. Organizations using affected D-Link Nuclias Connect devices should prioritize patching or mitigating this issue to prevent disruption. The vulnerability is relevant globally but especially critical in countries with widespread deployment of D-Link networking equipment.
AI Analysis
Technical Summary
CVE-2025-34248 is a directory traversal vulnerability classified under CWE-22 found in D-Link Nuclias Connect firmware versions earlier than 1.3.1.4. The vulnerability arises from improper sanitization of the deleteBackupList parameter in the /api/web/dnc/global/database/deleteBackup API endpoint. This flaw allows an authenticated attacker with limited privileges to craft malicious requests that traverse directories and delete arbitrary files on the device's filesystem. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring no user interaction (UI:N), and no elevated privileges beyond authentication (PR:L). The vulnerability impacts both the integrity and availability of the device by enabling deletion of critical system or configuration files, potentially causing device malfunction or denial of service. The CVSS 4.0 base score is 7.2 (high severity), reflecting the significant risk posed by this vulnerability. No public exploits are currently known, but the vulnerability's nature makes it a prime target for attackers aiming to disrupt network infrastructure. The lack of patch links suggests that a fix may be forthcoming or that mitigation guidance is limited at present. This vulnerability underscores the critical need for robust input validation and secure API design in network device firmware to prevent path traversal attacks that can compromise device stability and security.
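The input validation this summary calls for, sketched as an added example; it is not D-Link's code and not the vendor's fix. It assumes, hypothetically, that backups are plain files in one flat directory and that deleteBackupList arrives as a list of file names; the function names and the sample layout are constructed for illustration.

```python
import os
import tempfile

def resolve_backup_targets(backup_dir, delete_backup_list):
    """Validate every entry first, so one bad entry rejects the whole request."""
    root = os.path.realpath(backup_dir)
    targets = []
    for name in delete_backup_list:
        if not isinstance(name, str) or not name or "\x00" in name:
            raise ValueError(f"invalid backup name: {name!r}")
        # A backup name is a single path component: no separators, no dot entries.
        if "/" in name or "\\" in name or name in (".", ".."):
            raise ValueError(f"path component not allowed: {name!r}")
        # Resolve symlinks, then confirm the result is still below the root.
        candidate = os.path.realpath(os.path.join(root, name))
        if candidate == root or os.path.commonpath([root, candidate]) != root:
            raise ValueError(f"escapes backup directory: {name!r}")
        targets.append(candidate)
    return targets

def delete_backups(backup_dir, delete_backup_list):
    """Delete only validated targets and return the paths removed."""
    targets = resolve_backup_targets(backup_dir, delete_backup_list)
    for path in targets:
        os.remove(path)
    return targets

def demo():
    """Constructed layout: <tmp>/backups/{a.bak,b.bak} beside <tmp>/system.conf."""
    with tempfile.TemporaryDirectory() as tmp:
        backups = os.path.join(tmp, "backups")
        os.mkdir(backups)
        for parts in (("backups", "a.bak"), ("backups", "b.bak"), ("system.conf",)):
            with open(os.path.join(tmp, *parts), "w") as fh:
                fh.write("constructed sample data")
        rejected = 0
        for request in (["a.bak", "../system.conf"], ["..\\system.conf"], [".."]):
            try:
                delete_backups(backups, request)
            except ValueError:
                rejected += 1
        removed = [os.path.basename(p) for p in delete_backups(backups, ["a.bak"])]
        left = sorted(os.listdir(backups)) + sorted(set(os.listdir(tmp)) - {"backups"})
        return rejected, removed, left
```

Because validation completes before the first deletion, a request that mixes a legitimate name with a traversal entry removes nothing.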
Potential Impact
The exploitation of CVE-2025-34248 can have severe consequences for organizations relying on D-Link Nuclias Connect devices. By deleting arbitrary files, attackers can compromise the integrity of device configurations and system files, leading to misconfigurations, loss of critical data, or corrupted firmware. This can result in device instability, service outages, or complete denial of service, disrupting network operations and potentially impacting business continuity. Since Nuclias Connect devices are often used in enterprise and SMB network environments, such disruptions could affect internal communications, access control, and network management. The requirement for authentication limits the attack surface but does not eliminate risk, especially in environments where credential compromise or insider threats exist. The vulnerability could also be leveraged as part of a larger attack chain to facilitate lateral movement or persistent disruption within a network. Overall, the threat poses a significant risk to the availability and integrity of network infrastructure, necessitating prompt remediation.
Mitigation Recommendations
Organizations should immediately verify the firmware version of their D-Link Nuclias Connect devices and upgrade to version 1.3.1.4 or later once available. Until patches are released, administrators should restrict access to the management API endpoints, especially /api/web/dnc/global/database/deleteBackup, by implementing network segmentation and access control lists to limit authenticated user access. Employ strong authentication mechanisms and monitor for unusual API usage patterns indicative of exploitation attempts. Regularly audit user accounts and credentials to reduce the risk of unauthorized access. Additionally, implement file integrity monitoring on critical devices to detect unauthorized file deletions or modifications. Where possible, disable or restrict backup deletion functionality if not required operationally. Maintain up-to-date backups of device configurations and firmware to enable rapid recovery in case of compromise. Finally, engage with D-Link support channels to obtain official patches and guidance as they become available.
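One way to monitor for the API usage patterns mentioned above, as an added example that is not part of the original analysis or any vendor tooling. It assumes a hypothetical reverse-proxy log in JSON-lines form with `ts`, `user`, `path` and `body` fields, and that deleteBackupList is a list of names in the request body; the records below are constructed.

```python
import json
from urllib.parse import unquote

ENDPOINT = "/api/web/dnc/global/database/deleteBackup"

def normalize(value, max_rounds=3):
    """Undo nested percent-encoding and unify separators before matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def is_suspicious(entry):
    """A backup name should be one component; flag separators and dot entries."""
    if not isinstance(entry, str):
        return True
    norm = normalize(entry)
    return "/" in norm or "\x00" in norm or norm in (".", "..")

def scan(log_lines):
    """Return (timestamp, user, offending entries) for each flagged request."""
    alerts = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip lines that are not JSON records
        if not isinstance(rec, dict) or str(rec.get("path", "")).split("?")[0] != ENDPOINT:
            continue
        body = rec.get("body")
        names = body.get("deleteBackupList", []) if isinstance(body, dict) else []
        if not isinstance(names, list):
            names = [names]
        bad = [n for n in names if is_suspicious(n)]
        if bad:
            alerts.append((rec.get("ts"), rec.get("user"), bad))
    return alerts

# Constructed sample records (assumed log schema), not captured traffic.
SAMPLE_LOG = [json.dumps(r) for r in (
    {"ts": "2025-10-09T20:01:11Z", "user": "operator1", "path": ENDPOINT, "body": {"deleteBackupList": ["backup_2025-10-01.bak", "backup_2025-10-02.bak"]}},
    {"ts": "2025-10-09T20:05:42Z", "user": "operator2", "path": ENDPOINT, "body": {"deleteBackupList": ["backup_2025-10-03.bak", "../settings.example"]}},
    {"ts": "2025-10-09T20:06:03Z", "user": "operator2", "path": ENDPOINT, "body": {"deleteBackupList": ["%252e%252e%252fsettings.example"]}},
    {"ts": "2025-10-09T20:07:19Z", "user": "operator1", "path": "/constructed/other/endpoint", "body": {"deleteBackupList": ["../ignored.example"]}},
)]
```

Calling `scan(SAMPLE_LOG)` flags the two operator2 requests, including the double-encoded one, and ignores the request to the unrelated path.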
Affected Countries
United States, Germany, United Kingdom, Japan, South Korea, Australia, Canada, France, Brazil, India
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.577Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68e820a9ba0e608b4facc8dc
Added to database: 10/9/2025, 8:52:57 PM
Last enriched: 3/24/2026, 12:29:20 AM
Last updated: 3/24/2026, 7:45:56 PM