CVE-2025-57432

Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication mechanisms are required to interact with the Telnet interface.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57432	Exploit Third Party Advisory
https://www.blackmagicdesign.com/	Product
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57432	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:blackmagicdesign:web_presenter_hd_firmware:3.3:*:*:*:*:*:*:*

cpe:2.3:h:blackmagicdesign:web_presenter_hd:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:blackmagicdesign:web_presenter_4k_firmware:3.3:*:*:*:*:*:*:*

cpe:2.3:h:blackmagicdesign:web_presenter_4k:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-09-22 16:15

Updated : 2025-10-14 19:56

NVD link : CVE-2025-57432

Mitre link : CVE-2025-57432

CVE.ORG link : CVE-2025-57432

JSON object : View

Products Affected

blackmagicdesign

web_presenter_4k_firmware
web_presenter_hd_firmware
web_presenter_hd
web_presenter_4k

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-57432", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-09-22T16:15:44.753", "references": [{"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57432", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.blackmagicdesign.com/", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57432", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication mechanisms are required to interact with the Telnet interface."}], "lastModified": "2025-10-14T19:56:50.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:blackmagicdesign:web_presenter_hd_firmware:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ACF4FB7-6908-4CF9-87A6-40B6136E171B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:blackmagicdesign:web_presenter_hd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2078F064-D32A-4BAC-B0AC-20641B30DB55"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:blackmagicdesign:web_presenter_4k_firmware:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C651A33-3D9B-4C19-9136-EC5CD86D96EF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:blackmagicdesign:web_presenter_4k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ED01C512-99FE-40FF-943A-6841ACBBC7D1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}