CVE-2025-10716: Improper Export of Android Application Components in Creality Cloud App
A flaw has been found in Creality Cloud App up to 6.1.0 on Android. It affects an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Manipulation can lead to improper export of Android application components. The attack can be launched on the local host. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-10716 is a medium-severity vulnerability affecting the Creality Cloud App versions up to 6.1.0 on Android devices. The flaw resides in the AndroidManifest.xml configuration of the component com.cxsw.sdprinter, where improper export settings allow unauthorized access to application components. Specifically, this vulnerability arises from the incorrect export of Android application components, which can be manipulated by an attacker with local access to the device. The vulnerability does not require user interaction and can be exploited with low attack complexity, but it does require low-level privileges on the device (PR:L). The improper export could allow an attacker to interact with or manipulate the vulnerable component, potentially leading to unauthorized information disclosure or limited integrity compromise within the app's context. The CVSS 4.0 vector indicates a local attack vector (AV:L), low attack complexity (AC:L), no attack requirements (AT:N), low privileges required (PR:L), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vendor, Creality, has not responded to the disclosure, and no patches are currently available. Although the exploit has been published, there is no known exploitation in the wild at this time. The vulnerability is limited to Android devices running the affected versions of the Creality Cloud App, which is used primarily for managing 3D printing devices manufactured by Creality.
Potential Impact
For European organizations, the impact of this vulnerability is primarily relevant to those using Creality 3D printers managed via the Creality Cloud App on Android devices. The improper export of application components could allow a local attacker or malicious app on the same device to interact with the vulnerable component, potentially leading to unauthorized access to sensitive information or manipulation of printer settings. While the impact on confidentiality, integrity, and availability is rated low, exploitation could disrupt 3D printing operations or leak proprietary printing data, which may be critical for manufacturing, prototyping, or research organizations relying on Creality printers. Given the local attack vector, the threat is more significant in environments where devices are shared, or where users may inadvertently install malicious applications. The lack of vendor response and absence of patches increases the risk exposure until mitigations are applied. The vulnerability does not pose a direct network threat but could be leveraged as part of a multi-stage attack within a compromised device.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should first restrict physical and local access to Android devices running the Creality Cloud App to trusted users only. Avoid installing untrusted or unnecessary applications on these devices to reduce the risk of local privilege escalation or component manipulation. Until an official patch is released, consider using alternative management methods for Creality 3D printers that do not rely on the vulnerable app version, such as direct USB connections or alternative software solutions. Monitoring device behavior for unusual activity related to the Creality Cloud App can help detect exploitation attempts. Additionally, organizations should implement mobile device management (MDM) policies to enforce application whitelisting and restrict app permissions. Regularly check for vendor updates or security advisories to apply patches promptly once available. If feasible, isolate devices running the Creality Cloud App on segmented networks to limit lateral movement in case of compromise.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-19T08:29:22.669Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68cd6bdc148332b17b6b8938
Added to database: 9/19/2025, 2:42:36 PM
Last enriched: 9/19/2025, 2:45:56 PM
Last updated: 11/2/2025, 6:49:44 AM