Key Information

Vulnerability Overview

- CVE ID: CVE-2025-57440
- Product: Blackmagic Design ATEM Mini Pro (Firmware/Software Version: 2.7)
- Vulnerability Type: Code Execution (CE)

Affected Components

- Telnet service (port 9993)
- Streaming Control Interface

Attack Vector

Unauthorized attackers can access the target port over the network and send text commands via Telnet to control and operate device functions.

Vulnerable Endpoint

- Port: 9993
- Protocol: Telnet (Blackmagic ATEM Firmware Protocol 1.0)

Exploitation Example

Exploitable Commands

- Start streaming:
- Stop streaming:
- Reboot device:
- Record video:
- Format connected disk:

Impact

- Start or stop live streaming to any destination.
- Reboot the device at any time.
- Format connected storage media (potential data loss).
- Control recording functions.
- Easily gain system administrative privileges.

All of these actions can be performed without any authentication.

Discoverer

Mohamed Shahat

Reference Links

CrowdStrike

Recommended Mitigations

- Apply firewall rules to restrict access to port 9993.
- Disable Telnet service if not in use.
- Await a patched version from Blackmagic Design.
- Implement authentication in future firmware to prevent unauthorized access.

Remediation

- Block port 9993 from external-facing traffic and requests.
- Isolate management and control networks from public networks.
- Monitor network activity to detect unexpected command patterns.
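
One way to act on the monitoring and isolation items above, as an added example that is not part of the original advisory: a small detector that reads firewall log lines and reports TCP connections to port 9993 from sources outside an allowed management network. The netfilter LOG-style line format, the 10.20.30.0/28 management subnet and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

ATEM_CONTROL_PORT = 9993  # control port named in the advisory
# Assumption: the only network that should ever reach the switcher's control port.
ALLOWED_NETS = [ipaddress.ip_network("10.20.30.0/28")]

# Constructed sample lines in netfilter LOG style (KEY=value fields).
SAMPLE_LOG = """\
Jan 10 09:00:01 fw kernel: IN=eth1 OUT=eth2 SRC=10.20.30.5 DST=10.20.40.9 PROTO=TCP SPT=50112 DPT=9993 SYN
Jan 10 09:02:17 fw kernel: IN=eth0 OUT=eth2 SRC=203.0.113.77 DST=10.20.40.9 PROTO=TCP SPT=41822 DPT=9993 SYN
Jan 10 09:02:18 fw kernel: IN=eth0 OUT=eth2 SRC=203.0.113.77 DST=10.20.40.9 PROTO=TCP SPT=41823 DPT=9993 SYN
Jan 10 09:03:40 fw kernel: IN=eth0 OUT=eth2 SRC=198.51.100.4 DST=10.20.40.9 PROTO=TCP SPT=33001 DPT=443 SYN
Jan 10 09:05:02 fw kernel: IN=eth1 OUT=eth2 SRC=10.20.31.8 DST=10.20.40.9 PROTO=UDP SPT=9993 DPT=9993
Jan 10 09:06:00 fw kernel: truncated line SRC=not-an-ip DPT=9993 PROTO=TCP
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")


def parse_fields(line):
    """Extract KEY=value pairs from one log line into a dict."""
    return dict(FIELD.findall(line))


def is_allowed(src):
    """True if the source address belongs to an allowed management network."""
    return any(src in net for net in ALLOWED_NETS)


def unexpected_control_access(log_text):
    """Count TCP connections to the control port per (src, dst) from outside ALLOWED_NETS."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(ATEM_CONTROL_PORT):
            continue
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed or truncated line: skip instead of crashing
        if not is_allowed(src):
            hits[(str(src), fields.get("DST", "?"))] += 1
    return hits


if __name__ == "__main__":
    for (src, dst), count in unexpected_control_access(SAMPLE_LOG).items():
        print(f"ALERT {src} -> {dst}:{ATEM_CONTROL_PORT} ({count} connection attempts)")
```

Because the service accepts commands without authentication, any hit from outside the management network is worth investigating, not only repeated ones.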