CVE-2025-10653 is a high-severity vulnerability affecting all versions of the Raise3D Pro2 Series 3D printers. The root cause is an unauthenticated debug port that provides direct access to the device's file system without requiring any authentication or user interaction. This vulnerability is classified under CWE-288, which pertains to authentication issues where access control is insufficient or missing. The debug port, typically intended for development or troubleshooting, is exposed in production devices, allowing an attacker with network access to connect and browse or manipulate the internal file system. The CVSS 3.1 base score of 8.6 reflects the critical nature of this issue: it can be exploited remotely over the network (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and impacts confidentiality (C:H), integrity (I:L), and availability (A:L) of the device. Specifically, confidentiality is highly impacted as attackers can read sensitive files, potentially including configuration, credentials, or proprietary data. Integrity is moderately impacted since attackers could modify files, potentially altering device behavior or firmware. Availability is also affected as attackers might disrupt printing operations or cause device malfunctions. No patches have been released yet, and no known exploits are reported in the wild, but the vulnerability's characteristics make it a significant risk, especially in environments where these printers are network-accessible. The Raise3D Pro2 Series is used in various industries for rapid prototyping and manufacturing, so unauthorized access could lead to intellectual property theft, operational disruption, or sabotage.

For European organizations, the impact of this vulnerability can be substantial, particularly in sectors relying on additive manufacturing such as automotive, aerospace, healthcare, and industrial design. Unauthorized access to the device file system could lead to theft of proprietary design files or blueprints, compromising intellectual property and competitive advantage. Additionally, attackers could alter printer configurations or firmware to produce defective parts, potentially causing safety issues or costly production delays. The confidentiality breach could also expose sensitive operational data or network credentials stored on the device. Given the network-exposed nature of the vulnerability, attackers could pivot from compromised printers to other internal systems, increasing the risk of broader network compromise. Organizations with distributed manufacturing sites or those using these printers in critical infrastructure contexts face heightened risks. The lack of authentication and ease of exploitation mean that even low-skilled attackers could leverage this vulnerability if network access is available, increasing the threat landscape. Furthermore, the potential for availability impact could disrupt manufacturing workflows, leading to financial losses and reputational damage.

Immediate mitigation steps should include isolating Raise3D Pro2 Series printers on dedicated network segments with strict access controls, preferably behind firewalls or VPNs to restrict access to trusted personnel only. Network-level filtering should block unauthorized inbound connections to the debug port. Organizations should conduct thorough network scans to identify exposed devices and remediate exposure promptly. Until a vendor patch is available, disabling or physically blocking the debug port, if feasible, is recommended to prevent unauthorized access. Monitoring network traffic for unusual activity targeting these devices can help detect exploitation attempts early. Implementing strict network segmentation between manufacturing equipment and corporate IT networks reduces lateral movement risk. Organizations should also review and update asset inventories to ensure all affected devices are accounted for and apply compensating controls such as enhanced logging and alerting. Engaging with Raise3D for updates and patches is critical, and once available, timely deployment is essential. Additionally, educating staff about the risks and enforcing strong network security hygiene will help mitigate exploitation risks.