CVE-2025-57441 | The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device an… | CVSS 9.8 CRITICAL

Description

The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connection, the attacker can access a protocol preamble that leaks the video mode, routing configuration, input/output labels, device model, and even internal identifiers such as the unique ID. This can be used for reconnaissance and planning further attacks.

Metadata

CVE ID: CVE-2025-57441
State: PUBLISHED
Assigner: mitre
Reserved: 2025-08-17 00:00 UTC
Published: 2025-09-22 00:00 UTC
Last updated: 2025-09-22 17:41 UTC
Primary CWE: CWE-200
CWE-200 Exposure of Sensitive Information to an Unauthorized…
Vendor / Product: n/a / n/a
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
n/a	n/a	—	n/a

Weakness (CWE)

CWE	Source	Description
—	cna	n/a
CWE-200	adp	CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)