CVE-2025-57441

9.8 CRITICAL

📋 TL;DR

The Blackmagic ATEM Mini Pro 2.7 exposes sensitive configuration information via an unauthenticated Telnet service on port 9990. Attackers can gather reconnaissance data including device details, video settings, and internal identifiers to plan further attacks. All users of this specific device version are affected.

💻 Affected Systems

Products:
  • Blackmagic ATEM Mini Pro
Versions: Firmware 2.7
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with firmware version 2.7; earlier or later versions may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers use leaked information to execute follow-on attacks like unauthorized stream manipulation, device takeover, or network pivoting to other systems.

🟠 Likely Case

Information disclosure enables reconnaissance for targeted attacks, potentially leading to stream hijacking, configuration tampering, or denial of service.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to information disclosure without direct system compromise.

🌐 Internet-Facing: HIGH - Direct exposure allows remote attackers to gather intelligence without authentication.
🏢 Internal Only: MEDIUM - Internal attackers can still gather sensitive information for lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple telnet connection to port 9990 reveals information without any authentication or special tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.blackmagicdesign.com/

Restart Required: No

Instructions:

Check Blackmagic Design website for firmware updates addressing CVE-2025-57441. Apply any available patches following vendor instructions.

🔧 Temporary Workarounds

Block Telnet Port

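Platforms: all

Block access to port 9990 using firewall rules to prevent unauthorized connections. The ATEM is an embedded device and cannot run these commands itself, so apply the block on a firewall or gateway that sits between the device and untrusted networks. Both rules below filter traffic addressed to the host they are run on; on a Linux router that forwards traffic to the ATEM, the equivalent rule belongs in the FORWARD chain.

Linux (iptables):
iptables -A INPUT -p tcp --dport 9990 -j DROP

Windows (netsh, elevated prompt):
netsh advfirewall firewall add rule name="Block ATEM Telnet" dir=in action=block protocol=TCP localport=9990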

Network Segmentation

Platforms: all

Isolate ATEM Mini Pro devices on separate VLANs with strict access controls.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate ATEM devices from untrusted networks
  • Monitor network traffic to port 9990 for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Connect to the device IP on port 9990 using telnet: 'telnet [device_ip] 9990'. If the connection succeeds and shows configuration data, the device is vulnerable.

Check Version:

Check device firmware version through ATEM Software Control interface or device settings menu.

Verify Fix Applied:

Attempt a telnet connection to port 9990. If the fix is applied, the connection should fail or show no sensitive information.

📡 Detection & Monitoring

Log Indicators:

  • Telnet connection attempts to port 9990
  • Unusual outbound connections from ATEM device

Network Indicators:

  • TCP connections to port 9990 from unauthorized IPs
  • Telnet protocol traffic to ATEM devices

SIEM Query:

source_port=9990 OR destination_port=9990 OR protocol="telnet"
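
Added example (not part of the original advisory or any vendor tooling): one way to turn the log and network indicators above into a check over gateway firewall logs. It assumes netfilter LOG-style lines, and the device address, allowed control host and sample log lines are constructed for illustration.

```python
import ipaddress
import re

ATEM_PORT = 9990
# Assumed for this example: the ATEM address and the control hosts allowed to reach it.
ATEM_DEVICES = {ipaddress.ip_address("192.0.2.50")}
ALLOWED_CLIENTS = [ipaddress.ip_network("192.0.2.10/32")]

# Constructed sample lines in the netfilter LOG target's KEY=value layout.
SAMPLE_LOG = """\
Jan 10 09:00:01 gw kernel: ATEM IN=eth1 OUT=eth2 SRC=192.0.2.10 DST=192.0.2.50 LEN=60 PROTO=TCP SPT=50112 DPT=9990 SYN
Jan 10 09:03:17 gw kernel: ATEM IN=eth0 OUT=eth2 SRC=198.51.100.7 DST=192.0.2.50 LEN=60 PROTO=TCP SPT=41822 DPT=9990 SYN
Jan 10 09:04:40 gw kernel: ATEM IN=eth2 OUT=eth0 SRC=192.0.2.50 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=40001 DPT=443 SYN
Jan 10 09:05:02 gw kernel: ATEM IN=eth2 OUT=eth1 SRC=192.0.2.50 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=9990 DPT=50112 ACK
Jan 10 09:06:00 gw kernel: truncated line SRC=not-an-ip DPT=9990
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")


def is_allowed(addr):
    return any(addr in net for net in ALLOWED_CLIENTS)


def classify(line):
    """Return (alert_type, src, dst) for a suspicious line, else None."""
    f = dict(FIELD.findall(line))
    try:
        src = ipaddress.ip_address(f["SRC"])
        dst = ipaddress.ip_address(f["DST"])
        spt, dpt = int(f["SPT"]), int(f["DPT"])
    except (KeyError, ValueError):
        return None  # malformed or incomplete line: skip it rather than crash
    if f.get("PROTO") != "TCP":
        return None
    if dst in ATEM_DEVICES and dpt == ATEM_PORT and not is_allowed(src):
        return ("unauthorized-9990-access", str(src), str(dst))
    # Replies from the service (source port 9990) to allowed clients are expected.
    if src in ATEM_DEVICES and not (spt == ATEM_PORT and is_allowed(dst)):
        return ("unusual-outbound-from-atem", str(src), str(dst))
    return None


def scan(log_text):
    return [a for a in map(classify, log_text.splitlines()) if a]


if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Unlike the one-line query above, this separates expected control traffic and service replies from the two indicators the section lists, so an allowlisted operator workstation does not generate alerts.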
