CVE-2025-57432

Published: Sep 22, 2025Modified: Oct 14, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication mechanisms are required to interact with the Telnet interface.

Affected (2)

Products: Blackmagicdesign: Web Presenter Hd Firmware, Web Presenter 4k Firmware

Blackmagicdesign

2 products

Web Presenter Hd Firmware

Web Presenter 4k Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Blackmagicdesign Web Presenter Hd Firmware	Version 3.3

Running on/with	Platform Versions
Blackmagicdesign Web Presenter Hd	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Blackmagicdesign Web Presenter 4k Firmware	Version 3.3

Running on/with	Platform Versions
Blackmagicdesign Web Presenter 4k	All versions

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (3)

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57432

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.blackmagicdesign.com/

Source: cve@mitre.org

Product

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57432

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.