CVE-2025-34248

Q: How severe is CVE-2025-34248?

CVSS scoring is not yet available for CVE-2025-34248. Check NVD for updates.

Q: Is there a patch for CVE-2025-34248?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.

Vulnerability Description

D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity and availability of the system.

Related Weaknesses (CWE)

CWE-22

References

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10472
https://www.dlink.com/en/for-business/nuclias/nuclias-connect
https://www.vulncheck.com/advisories/dlink-nuclias-connect-directory-traversal-t

FAQ

What is CVE-2025-34248?

CVE-2025-34248 is a documented vulnerability. D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList par...

How severe is CVE-2025-34248?

CVSS scoring is not yet available for CVE-2025-34248. Check NVD for updates.

Is there a patch for CVE-2025-34248?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.