exploitDog

CVE-2025-57441

Опубликовано: 22 сент. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connection, the attacker can access a protocol preamble that leaks the video mode, routing configuration, input/output labels, device model, and even internal identifiers such as the unique ID. This can be used for reconnaissance and planning further attacks.

Ссылки

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57441
Exploit
Third Party Advisory
https://www.blackmagicdesign.com/
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:blackmagicdesign:atem_mini_pro_firmware:2.7:*:*:*:*:*:*:*

cpe:2.3:h:blackmagicdesign:atem_mini_pro:-:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00082

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-j3fm-5c8x-8rw2

CVSS3: 9.8

github

5 месяцев назад

The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connection, the attacker can access a protocol preamble that leaks the video mode, routing configuration, input/output labels, device model, and even internal identifiers such as the unique ID. This can be used for reconnaissance and planning further attacks.

EPSS

Процентиль: 24%

0.00082

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-200