CVE-2025-34248 is a directory traversal vulnerability classified under CWE-22, found in D-Link Nuclias Connect firmware versions earlier than 1.3.1.4. The vulnerability resides in the API endpoint /api/web/dnc/global/database/deleteBackup, specifically in the handling of the deleteBackupList parameter. Due to insufficient input validation and improper sanitization, an authenticated attacker with low privileges can craft malicious requests that traverse directories and delete arbitrary files on the device's filesystem. This can lead to the removal of critical system files or backups, severely impacting the device's integrity and availability. The vulnerability is remotely exploitable over the network without requiring user interaction, increasing its risk profile. The CVSS v4.0 base score is 7.2 (high), reflecting network attack vector, low attack complexity, no user interaction, and significant impact on integrity and availability. While no public exploits have been reported yet, the vulnerability's nature and ease of exploitation make it a serious threat to organizations using affected D-Link Nuclias Connect devices, which are commonly deployed for network management in enterprise and SMB environments.

For European organizations, exploitation of this vulnerability could result in unauthorized deletion of critical files on D-Link Nuclias Connect devices, leading to network management disruptions, loss of configuration backups, and potential downtime. This impacts the integrity and availability of network infrastructure, potentially causing cascading effects on connected systems and services. Organizations in sectors such as telecommunications, finance, healthcare, and government, which rely on stable and secure network management solutions, may experience operational interruptions and increased recovery costs. The requirement for authentication limits exposure but does not eliminate risk, especially if credential compromise occurs through phishing or insider threats. The lack of user interaction requirement and network accessibility of the vulnerable endpoint heighten the threat, particularly in environments where management interfaces are exposed or insufficiently segmented.

1. Apply firmware updates to D-Link Nuclias Connect devices, upgrading to version 1.3.1.4 or later as soon as patches become available from the vendor. 2. Restrict access to the management interface by implementing network segmentation and firewall rules to limit access only to trusted administrative hosts. 3. Enforce strong authentication mechanisms and regularly rotate credentials to reduce the risk of unauthorized access. 4. Monitor logs and network traffic for unusual deleteBackup API calls or other suspicious activity targeting the management interface. 5. Implement strict input validation and filtering at network boundaries where possible to detect and block path traversal attempts. 6. Conduct regular backups of device configurations and critical data to enable rapid recovery in case of file deletion or corruption. 7. Educate administrators on secure management practices and the importance of promptly applying security updates.