CVE-2025-57432 | Blackmagic Web Presenter version 3.3 exposes a Telnet servic… | CVSS 9.8 CRITICAL

Description

Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication mechanisms are required to interact with the Telnet interface.

Metadata

CVE ID: CVE-2025-57432
State: PUBLISHED
Assigner: mitre
Reserved: 2025-08-17 00:00 UTC
Published: 2025-09-22 00:00 UTC
Last updated: 2025-09-23 18:13 UTC
Primary CWE: CWE-306
CWE-306 Missing Authentication for Critical Function
Vendor / Product: n/a / n/a
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
n/a	n/a	—	n/a

Weakness (CWE)

CWE	Source	Description
—	cna	n/a
CWE-306	adp	CWE-306 Missing Authentication for Critical Function

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)