Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability by Raise3D

CVE-2025-10653 (GCVE-0-2025-10653)

Vulnerability from cvelistv5 – Published: 2025-10-02 20:03 – Updated: 2025-10-02 20:27
VLAI
Title
Raise3D Pro2 Series 3D Printers Authentication Bypass Using an Alternate Path or Channel
Summary
An unauthenticated debug port may allow access to the device file system.
Severity
8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Raise3D Pro2 Series Affected: All versions
Create a notification for this product.
Credits
Souvik Kandar reported this vulnerability to CISA.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10653",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T20:26:33.185322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T20:27:45.612Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Pro2 Series",
          "vendor": "Raise3D",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Souvik Kandar reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated debug port may allow access to the device file system.\u003c/span\u003e"
            }
          ],
          "value": "An unauthenticated debug port may allow access to the device file system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T20:03:12.268Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-275-01"
        },
        {
          "url": "https://support.raise3d.com/"
        }
      ],
      "source": {
        "advisory": "ICSA-25-275-01",
        "discovery": "EXTERNAL"
      },
      "title": "Raise3D Pro2 Series 3D Printers Authentication Bypass Using an Alternate Path or Channel",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRaise3D confirmed this vulnerability exists in the Pro2 Series devices when developer mode is enabled. Raise3D is developing a patched version of the printer firmware; however, no release date has yet been provided.\u003c/p\u003e\u003cp\u003eRaise3D recommends disabling developer mode if it is not required. Further information is available from Raise3D at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.raise3d.com/\"\u003eRaise3D Support Center\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e"
            }
          ],
          "value": "Raise3D confirmed this vulnerability exists in the Pro2 Series devices when developer mode is enabled. Raise3D is developing a patched version of the printer firmware; however, no release date has yet been provided.\n\nRaise3D recommends disabling developer mode if it is not required. Further information is available from Raise3D at the  Raise3D Support Center https://support.raise3d.com/ \u00a0."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-10653",
    "datePublished": "2025-10-02T20:03:12.268Z",
    "dateReserved": "2025-09-17T19:22:05.886Z",
    "dateUpdated": "2025-10-02T20:27:45.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}