CVE-2025-57441
BaseFortify
Publication date: 2025-09-22
Last updated on: 2025-10-17
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| blackmagicdesign | atem_mini_pro_firmware | 2.7 |
| blackmagicdesign | atem_mini_pro | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Blackmagic ATEM Mini Pro 2.7 involves an unauthenticated Telnet service running on port 9990 that exposes sensitive device and stream configuration information. An attacker connecting to this service can access details such as video mode, routing configuration, input/output labels, device model, and unique internal identifiers. This information leakage can be used for reconnaissance and to plan further attacks.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to gain sensitive configuration information without authentication, which can lead to unauthorized access, compromise of device integrity, and disruption of video streaming services. The high CVSS score (9.8) indicates it poses a critical risk with potential for confidentiality, integrity, and availability impacts.