CVE-2025-34248 is a directory traversal vulnerability classified under CWE-22, affecting D-Link Nuclias Connect firmware versions earlier than 1.3.1.4. The vulnerability exists in the /api/web/dnc/global/database/deleteBackup API endpoint, specifically due to improper sanitization of the deleteBackupList parameter. This flaw allows an authenticated attacker with low privileges to craft malicious input that traverses directories outside the intended restricted path, enabling deletion of arbitrary files on the device's filesystem. The attack vector is network-based, requiring no user interaction beyond authentication, and can be executed remotely. Exploiting this vulnerability compromises the integrity and availability of the affected device by potentially deleting critical system or configuration files, which may lead to device malfunction or denial of service. The CVSS 4.0 base score is 7.2 (high), reflecting the network attack vector, low attack complexity, no user interaction, and significant impact on integrity and availability. Although no public exploits are reported yet, the vulnerability's nature and ease of exploitation make it a serious concern. The lack of a patch at the time of reporting necessitates immediate compensating controls. The vulnerability impacts all versions prior to 1.3.1.4, indicating a broad scope of affected devices. Given that Nuclias Connect is used for network device management, exploitation could disrupt network operations and impact business continuity.

For European organizations, exploitation of CVE-2025-34248 could lead to unauthorized deletion of critical files on D-Link Nuclias Connect devices, resulting in degraded network management capabilities or complete device failure. This may cause operational downtime, loss of configuration data, and increased recovery costs. Organizations relying on these devices for managing wireless access points or network infrastructure could experience service interruptions affecting employees and customers. The integrity of network management data could be compromised, potentially allowing attackers to cover tracks or disrupt forensic investigations. Availability impacts could extend to critical services if network devices become unresponsive or require reinstallation. Given the vulnerability requires authentication, insider threats or compromised credentials pose a significant risk. The absence of known exploits currently provides a window for proactive mitigation, but the high severity score underscores the urgency. European sectors such as telecommunications, education, healthcare, and government entities using Nuclias Connect devices are particularly vulnerable to operational disruptions and potential cascading effects on dependent services.

1. Immediately restrict access to the Nuclias Connect management interface by implementing network segmentation and firewall rules to limit access to trusted administrators only. 2. Enforce strong authentication mechanisms and regularly rotate credentials to reduce the risk of credential compromise. 3. Monitor logs and network traffic for unusual deleteBackup API calls or unexpected file deletion activities. 4. Apply the firmware update to version 1.3.1.4 or later as soon as it becomes available from D-Link, which addresses the improper input sanitization. 5. If patching is delayed, consider disabling or restricting the vulnerable API endpoint where feasible. 6. Conduct regular backups of device configurations and critical data to enable rapid recovery in case of exploitation. 7. Educate administrators about the risks of path traversal vulnerabilities and the importance of secure management practices. 8. Implement intrusion detection systems capable of identifying exploitation attempts targeting directory traversal patterns on network devices. 9. Engage with D-Link support channels for any interim mitigation advice or firmware release schedules. 10. Review and update incident response plans to include scenarios involving network device compromise due to path traversal attacks.