CVE-2025-57441

Published: Sep 22, 2025Modified: Oct 17, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connection, the attacker can access a protocol preamble that leaks the video mode, routing configuration, input/output labels, device model, and even internal identifiers such as the unique ID. This can be used for reconnaissance and planning further attacks.

Affected (1)

Products: Blackmagicdesign: Atem Mini Pro Firmware

Blackmagicdesign

1 product

Atem Mini Pro Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Blackmagicdesign Atem Mini Pro Firmware	Version 2.7

Running on/with	Platform Versions
Blackmagicdesign Atem Mini Pro	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57441

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.blackmagicdesign.com/

Source: cve@mitre.org

Product

Timeline

No history available yet.