Vulnerability Description
The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface, referred to as the "ATEM Ethernet Protocol 1.0", provides complete device control without requiring credentials or encryption. An attacker on the same network (or with remote access to the exposed port) can exploit this interface to execute arbitrary streaming commands, erase disks, or shut down the device - effectively gaining full remote control.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-5744
- https://www.blackmagicdesign.com/
FAQ
What is CVE-2025-57440?
CVE-2025-57440 is a vulnerability with a CVSS score of 7.5 (HIGH). The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devi...
How severe is CVE-2025-57440?
CVE-2025-57440 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-57440?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.