CVE-2025-34248 is a directory traversal vulnerability classified under CWE-22, affecting D-Link Nuclias Connect firmware versions earlier than 1.3.1.4. The vulnerability exists in the /api/web/dnc/global/database/deleteBackup API endpoint, specifically due to inadequate sanitization of the deleteBackupList parameter. This flaw allows an authenticated attacker with low privileges to craft malicious input that traverses directories outside the intended restricted backup directory. By exploiting this, the attacker can delete arbitrary files on the device's filesystem, potentially removing critical system files or configuration data. The vulnerability does not require user interaction and can be exploited remotely over the network, increasing its risk profile. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L - low privileges), no user interaction (UI:N), and high impact on integrity and availability (VI:H, VA:H). While no public exploits have been reported yet, the vulnerability's characteristics suggest it could be weaponized to disrupt network management operations or cause denial of service. The lack of available patches at the time of reporting necessitates immediate mitigation steps. This vulnerability primarily threatens the integrity and availability of the affected devices, which could cascade into broader network disruptions if exploited.

For European organizations, exploitation of CVE-2025-34248 could lead to unauthorized deletion of critical files on D-Link Nuclias Connect devices, undermining the integrity and availability of network management infrastructure. This can cause network outages, loss of configuration data, and potentially disrupt business operations reliant on these devices. Organizations in sectors such as telecommunications, finance, government, and critical infrastructure that deploy D-Link Nuclias Connect devices are particularly at risk. The impact extends beyond the device itself, as compromised network management can facilitate further attacks or hinder incident response. Given the vulnerability requires only low-level authentication, insider threats or compromised credentials could be leveraged to exploit this flaw. The absence of known exploits currently provides a window for proactive defense, but the high CVSS score indicates a significant threat if weaponized. European entities with remote management enabled on these devices face increased exposure due to the network-accessible nature of the vulnerability.

1. Immediately upgrade D-Link Nuclias Connect firmware to version 1.3.1.4 or later once available to address the vulnerability. 2. Until patches are released, restrict access to the /api/web/dnc/global/database/deleteBackup endpoint by implementing network segmentation and firewall rules limiting access to trusted administrators only. 3. Enforce strong authentication mechanisms and rotate credentials regularly to reduce the risk of low-privilege account compromise. 4. Monitor logs for unusual deletion requests or API calls targeting the deleteBackupList parameter to detect potential exploitation attempts. 5. Employ application-layer filtering or web application firewalls (WAFs) to detect and block path traversal patterns in API requests. 6. Conduct regular backups of device configurations and critical data to enable rapid recovery in case of file deletion. 7. Educate administrators on the risks of this vulnerability and the importance of limiting API access. 8. Review and tighten API permissions to ensure only necessary users have access to sensitive endpoints. 9. Implement intrusion detection systems (IDS) tuned to detect exploitation attempts targeting path traversal vulnerabilities.