Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1 vulnerability by Raise3D

    CVE-2025-10653 (GCVE-0-2025-10653)

    Vulnerability from cvelistv5 – Published: 2025-10-02 20:03 – Updated: 2025-10-02 20:27
    VLAI
    Title
    Raise3D Pro2 Series 3D Printers Authentication Bypass Using an Alternate Path or Channel
    Summary
    An unauthenticated debug port may allow access to the device file system.
    Severity
    8.6 (High)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Raise3D Pro2 Series Affected: All versions
    		Create a notification for this product.
    Credits
    Souvik Kandar reported this vulnerability to CISA.
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10653",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T20:26:33.185322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T20:27:45.612Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Pro2 Series",
          "vendor": "Raise3D",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Souvik Kandar reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated debug port may allow access to the device file system.\u003c/span\u003e"
            }
          ],
          "value": "An unauthenticated debug port may allow access to the device file system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T20:03:12.268Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-275-01"
        },
        {
          "url": "https://support.raise3d.com/"
        }
      ],
      "source": {
        "advisory": "ICSA-25-275-01",
        "discovery": "EXTERNAL"
      },
      "title": "Raise3D Pro2 Series 3D Printers Authentication Bypass Using an Alternate Path or Channel",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRaise3D confirmed this vulnerability exists in the Pro2 Series devices when developer mode is enabled. Raise3D is developing a patched version of the printer firmware; however, no release date has yet been provided.\u003c/p\u003e\u003cp\u003eRaise3D recommends disabling developer mode if it is not required. Further information is available from Raise3D at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.raise3d.com/\"\u003eRaise3D Support Center\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e"
            }
          ],
          "value": "Raise3D confirmed this vulnerability exists in the Pro2 Series devices when developer mode is enabled. Raise3D is developing a patched version of the printer firmware; however, no release date has yet been provided.\n\nRaise3D recommends disabling developer mode if it is not required. Further information is available from Raise3D at the  Raise3D Support Center https://support.raise3d.com/ \u00a0."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-10653",
    "datePublished": "2025-10-02T20:03:12.268Z",
    "dateReserved": "2025-09-17T19:22:05.886Z",
    "dateUpdated": "2025-10-02T20:27:45.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}