CVE-2025-57440

Sept. 22, 2025, 9:22 p.m.

None
No Score

Description

The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface, referred to as the "ATEM Ethernet Protocol 1.0", provides complete device control without requiring credentials or encryption. An attacker on the same network (or with remote access to the exposed port) can exploit this interface to execute arbitrary streaming commands, erase disks, or shut down the device - effectively gaining full remote control.

Product(s) Impacted

Vendor Product Versions
Blackmagic
  • Blackmagic Atem Mini Pro
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a blackmagic blackmagic_atem_mini_pro / / / / / / / /

References

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57440
https://www.blackmagicdesign.com/

Tags

cve@mitre.org
2025-09-22
CVE-2025-57440

Timeline

Published: Sept. 22, 2025, 6:15 p.m.
Last Modified: Sept. 22, 2025, 9:22 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.