CVE-2025-34253
📊 5.1 MEDIUM⚡ 0.0%🎯 0 exploits
📅 Published Oct 16, 2025
📋 Status: Analyzed
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be executed in the context of other users viewing the profile entry. NOTE: D-Link states that a fix is under development.
CVSS v3.1 • NVD
🎯 Affected Products & Systems
1 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | dlink | nuclias connect | ≤ 1.3.1.4 | Vulnerable | cpe:2.3:a:dlink:nuclias_connect:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: ≤ 1.3.1.4
CPE:
cpe:2.3:a:dlink:nuclias_connect:*:*:*:*:*:*:*:*
Metrics
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
5.1 (MEDIUM)v4.0
Source: [email protected]
EPSS Details
0.0% (Minimal)2.5th percentile
Last updated: Nov 1, 2025
Exploitation probability within 30 days
Published Date
Oct 16, 2025 (17 days ago)
Last Modified
Oct 30, 2025 (3 days ago)
Security Weaknesses1
CWE-79
References4
NVDadvisorygeneral+1