CVE-2025-10653

8.6 HIGH

📋 TL;DR

CVE-2025-10653 is an unauthenticated debug port exposed on affected devices, which lets attackers access the device's file system without credentials. This affects Raise3D 3D printers and potentially other industrial control systems with similar debug configurations. Attackers can read, modify, or delete sensitive files through this exposed interface.

💻 Affected Systems

Products:
  • Raise3D 3D printers
  • Other industrial control systems with similar debug configurations
Versions: Specific versions not detailed in advisory; likely multiple versions prior to patching
Operating Systems: Embedded Linux systems, Industrial control system firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with debug ports enabled by default or during development/testing phases are vulnerable. Production systems should have these disabled.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise including firmware modification, data theft, ransomware deployment, or physical damage to connected equipment through malicious file manipulation.

🟠 Likely Case

Unauthorized access to configuration files, intellectual property theft from stored print files, or disruption of printing operations through file deletion/modification.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to the debug port.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires network access to the debug port but no authentication, making exploitation straightforward for attackers who can reach the service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://support.raise3d.com/

Restart Required: Yes

Instructions:

  1. Check Raise3D support site for firmware updates.
  2. Download latest firmware.
  3. Apply update following vendor instructions.
  4. Verify debug port is disabled post-update.

🔧 Temporary Workarounds

Disable Debug Port via Firewall

linux

Block access to the debug port using network firewall rules

iptables -A INPUT -p tcp --dport [DEBUG_PORT] -j DROP
ufw deny [DEBUG_PORT]/tcp

Network Segmentation

all

Isolate affected devices in separate network segments without internet access

🧯 If You Can't Patch

  • Implement strict network access controls to prevent external access to device debug ports
  • Monitor network traffic to debug ports and alert on any connection attempts

🔍 How to Verify

Check if Vulnerable:

Attempt to connect to the debug port (typically TCP port 23, 2323, or vendor-specific) without authentication using telnet or nc

Check Version:

Check device web interface or console for firmware version information

Verify Fix Applied:

Verify debug port is no longer accessible and check firmware version matches patched release

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized connection attempts to debug ports
  • File system access logs showing unexpected reads/writes

Network Indicators:

  • TCP connections to debug ports from unauthorized IPs
  • Unusual file transfer patterns to/from device

SIEM Query:

source_ip=* AND dest_port IN (23, 2323, [DEBUG_PORT]) AND action=ALLOW
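
The network indicator and SIEM query above, worked through as an added example (not part of the original advisory or any vendor tooling): it scans firewall log lines for TCP connections to debug ports from sources outside an allowlist. The log format, the FW-ALLOW/FW-DROP prefixes, the admin subnet and all addresses are constructed assumptions; the port set uses the page's typical values and should be extended with the vendor-specific port.

```python
import ipaddress
import re

# Ports named on the page as typical; add the device's vendor-specific debug port.
DEBUG_PORTS = {23, 2323}
# Hypothetical management subnet permitted to reach the debug port.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.30.0/28")]

# Constructed iptables-style log lines (assumed format, not from a real device).
SAMPLE_LOG = """\
Oct  2 09:14:01 gw kernel: FW-ALLOW IN=eth1 OUT=eth2 SRC=10.20.30.5 DST=10.50.0.21 PROTO=TCP SPT=51544 DPT=2323
Oct  2 09:14:07 gw kernel: FW-ALLOW IN=eth0 OUT=eth2 SRC=192.0.2.44 DST=10.50.0.21 PROTO=TCP SPT=40112 DPT=23
Oct  2 09:15:30 gw kernel: FW-DROP IN=eth0 OUT=eth2 SRC=198.51.100.7 DST=10.50.0.21 PROTO=TCP SPT=33871 DPT=2323
Oct  2 09:16:02 gw kernel: FW-ALLOW IN=eth0 OUT=eth2 SRC=192.0.2.44 DST=10.50.0.21 PROTO=TCP SPT=40120 DPT=443
Oct  2 09:18:45 gw kernel: FW-ALLOW IN=eth1 OUT=eth2 SRC=10.20.30.99 DST=10.50.0.21 PROTO=TCP SPT=50210 DPT=23
"""

LINE_RE = re.compile(
    r"FW-(?P<action>ALLOW|DROP)\b.*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)


def find_debug_port_hits(log_text, ports=DEBUG_PORTS, allowed=ALLOWED_SOURCES):
    """Return one alert per TCP connection to a debug port from a non-allowlisted source."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dpt"]) not in ports:
            continue  # unparsable line or not a debug port
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed source field; skip instead of crashing
        if any(src in net for net in allowed):
            continue  # expected management traffic
        # An allowed connection reached the service; a dropped one is an attempt only.
        severity = "high" if m["action"] == "ALLOW" else "info"
        alerts.append({"src": str(src), "dst": m["dst"], "port": int(m["dpt"]),
                       "action": m["action"], "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in find_debug_port_hits(SAMPLE_LOG):
        print(alert)
```

Note that 10.20.30.99 is flagged even though it looks internal: it falls outside the /28 allowlist, which is the case a port-only query misses.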
