CVE-2025-57432

9.8 CRITICAL

📋 TL;DR

Blackmagic Web Presenter version 3.3 exposes an unauthenticated Telnet service on port 9977, allowing remote attackers to manipulate stream settings and potentially alter device functionality without credentials. This affects all users running the vulnerable version of the software.

💻 Affected Systems

Products:
  • Blackmagic Web Presenter
Versions: Version 3.3
Operating Systems: Embedded/Device OS
Default Config Vulnerable: ⚠️ Yes
Notes: The Telnet service appears to be enabled by default on port 9977 with no authentication mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could completely disrupt video streaming operations, alter critical device settings, or potentially execute arbitrary commands leading to full device compromise.

🟠 Likely Case

Unauthorized users will manipulate stream settings, change video modes, and disrupt normal device operation.

🟢 If Mitigated

With proper network segmentation and access controls, only authorized internal users can reach the service, which limits the impact.

🌐 Internet-Facing: HIGH - The service is exposed by default and requires no authentication, making internet-facing devices immediately vulnerable.
🏢 Internal Only: HIGH - Even internally, any user on the network can access and manipulate the device without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only basic Telnet knowledge and no special tools or techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.blackmagicdesign.com/

Restart Required: No

Instructions:

Check the Blackmagic Design website for security updates. If a patch is available, download and apply it according to the vendor's instructions.

🔧 Temporary Workarounds

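Block Telnet Port

Block access to port 9977 using firewall rules to prevent external and unauthorized internal access. The rules below filter inbound traffic on the host where they are run; for a standalone Web Presenter device, apply the equivalent rule on the firewall or router in front of it.

Linux (iptables):
iptables -A INPUT -p tcp --dport 9977 -j DROP

Windows (netsh):
netsh advfirewall firewall add rule name="Block Web Presenter Telnet" dir=in action=block protocol=TCP localport=9977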

Network Segmentation

Isolate Web Presenter devices on a separate VLAN with strict access controls.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Web Presenter devices from untrusted networks
  • Deploy network monitoring to detect and alert on Telnet connections to port 9977

🔍 How to Verify

Check if Vulnerable:

Use Telnet to connect to the device on port 9977: telnet [device_ip] 9977. If the connection succeeds without authentication, the device is vulnerable.

Check Version:

Check device web interface or physical display for firmware version information.

Verify Fix Applied:

Attempt Telnet connection to port 9977. Connection should fail or require authentication after remediation.

📡 Detection & Monitoring

Log Indicators:

  • Telnet connection attempts to port 9977
  • Unauthorized configuration changes in device logs

Network Indicators:

  • TCP connections to port 9977 from unauthorized sources
  • Telnet traffic to Web Presenter devices

SIEM Query:

(source_port=9977 OR dest_port=9977) AND protocol=TCP
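
The network indicator above (TCP connections to port 9977 from unauthorized sources) can also be checked offline against exported flow records. The following is an added example, not part of the original advisory or any vendor tooling; the record layout, device address and management subnet are assumptions, and the sample records are constructed.

```python
import ipaddress

# Constructed sample flow records (not real traffic): time src dst dst_port proto
SAMPLE_FLOWS = """\
2025-01-10T09:00:01Z 10.20.0.5 10.20.0.50 9977 TCP
2025-01-10T09:00:07Z 192.168.7.23 10.20.0.50 9977 TCP
2025-01-10T09:01:12Z 10.20.0.5 10.20.0.50 80 TCP
2025-01-10T09:02:30Z 203.0.113.9 10.20.0.50 9977 TCP
2025-01-10T09:03:02Z 192.168.7.23 10.20.0.50 9977 UDP
2025-01-10T09:04:00Z not-an-ip 10.20.0.50 9977 TCP
malformed line
"""

CONTROL_PORT = 9977
# Assumptions: the Web Presenter device addresses and the subnet allowed to manage them.
DEVICES = {ipaddress.ip_address("10.20.0.50")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]


def unauthorized_connections(flow_text, devices=DEVICES, allowed=ALLOWED_SOURCES):
    """Return (timestamp, source) for TCP flows to port 9977 on a known
    device whose source address is outside the allowlisted networks."""
    alerts = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip records that do not match the assumed layout
        ts, src, dst, port, proto = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if proto.upper() != "TCP" or port != CONTROL_PORT or dst_ip not in devices:
            continue
        if not any(src_ip in net for net in allowed):
            alerts.append((ts, src))
    return alerts


if __name__ == "__main__":
    for ts, src in unauthorized_connections(SAMPLE_FLOWS):
        print(f"ALERT {ts} unauthorized connection to port {CONTROL_PORT} from {src}")
```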
