CVE-2025-57441
Blackmagic ATEM Mini Pro · Multiple Products
Executive summary
A critical vulnerability has been identified in multiple Blackmagic ATEM Mini Pro products, assigned CVE-2025-57441 with a CVSS score of 9.8. This flaw allows any unauthenticated attacker on the network to access sensitive device settings and streaming configurations, which could lead to broadcast hijacking, service disruption, and theft of confidential information like stream keys. Immediate patching is required to mitigate the significant risk of reputational damage and operational interruption.
Vulnerability
The vulnerability exists due to an exposed, unauthenticated Telnet service running on TCP port 9990. An attacker with network access to the device can connect to this port without providing any credentials. Upon connection, the service grants direct access to the device's configuration protocol, exposing sensitive information such as stream keys, platform credentials, network settings, and other device configurations. This allows a remote attacker to read, and potentially modify, critical settings, leading to a complete compromise of the device's streaming functionality.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could have severe consequences for the organization, including the complete loss of confidentiality, integrity, and availability of the streaming service. Specific risks include:
- Stream Hijacking: An attacker could steal stream keys to broadcast unauthorized or malicious content on the organization's official channels, causing significant reputational damage.
- Denial of Service: Malicious modification of device configurations could disable broadcasting capabilities, disrupting live events, webinars, or productions, which may result in financial loss.
- Information Exposure: The leak of device and network configurations could provide attackers with information to facilitate broader attacks against the organization's internal network.
Remediation
Immediate Action:
- Immediately apply the security update provided by the vendor to patch all affected Blackmagic ATEM Mini Pro devices to the latest version.
- After patching, verify that the Telnet service on port 9990 is either disabled or requires authentication.
- Review device access logs and network logs for any signs of compromise or unauthorized connections to port 9990.
Proactive Monitoring:
- Implement network monitoring to detect and alert on any connection attempts to TCP port 9990 on ATEM devices from untrusted network segments or IP addresses.
- Regularly audit device configurations to ensure they have not been altered from their intended state.
- Monitor outbound traffic from the devices for any unusual patterns that might indicate a compromised stream.
Compensating Controls:
- If immediate patching is not feasible, implement strict network segmentation to isolate the ATEM devices from untrusted networks, including guest and general corporate LAN segments.
- Use a firewall to create an access control list (ACL) that explicitly denies all access to TCP port 9990, except from a dedicated and secured management workstation.
- Ensure the device is not exposed directly to the public internet. If remote access is required, it must be facilitated through a secure VPN with multi-factor authentication.
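The monitoring and ACL guidance above can be checked against flow logs. The following is an added example, not vendor or advisory code: it flags TCP connections to port 9990 on inventoried ATEM devices from any source other than the management workstation. The log format, all IP addresses, and the function names are constructed assumptions.

```python
import ipaddress
from collections import Counter

ATEM_PORT = 9990  # TCP port named in the advisory
# Assumptions (constructed): device inventory and the one allowed management host.
ATEM_DEVICES = {ipaddress.ip_address(a) for a in ("10.20.30.11", "10.20.30.12")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.99.5/32")]

# Constructed flow records: time src_ip src_port dst_ip dst_port proto
SAMPLE_FLOWS = """\
2025-01-01T10:00:01Z 10.20.99.5 51514 10.20.30.11 9990 tcp
2025-01-01T10:02:17Z 10.20.40.77 40112 10.20.30.11 9990 tcp
2025-01-01T10:02:19Z 10.20.40.77 40113 10.20.30.12 9990 tcp
2025-01-01T10:03:00Z 10.20.40.77 40114 10.20.30.12 443 tcp
2025-01-01T10:04:45Z 192.0.2.44 33010 10.20.30.11 9990 tcp
2025-01-01T10:05:02Z 10.20.40.80 53000 10.20.50.9 9990 tcp
truncated record
"""

def parse_flow(line):
    """Return a dict for a well-formed record, or None for anything else."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, _sport, dst, dport, proto = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst),
                "dport": int(dport), "proto": proto.lower()}
    except ValueError:
        return None

def find_alerts(text):
    """Flag TCP/9990 flows to inventoried ATEM devices from non-allowed sources."""
    alerts = []
    for rec in filter(None, map(parse_flow, text.splitlines())):
        allowed = any(rec["src"] in net for net in ALLOWED_SOURCES)
        if (rec["proto"] == "tcp" and rec["dport"] == ATEM_PORT
                and rec["dst"] in ATEM_DEVICES and not allowed):
            alerts.append(rec)
    return alerts

def summarize(alerts):
    """Count alerts per source address so repeated access stands out."""
    return Counter(str(a["src"]) for a in alerts)

if __name__ == "__main__":
    for a in find_alerts(SAMPLE_FLOWS):
        print(f'{a["ts"]} ALERT {a["src"]} -> {a["dst"]}:{ATEM_PORT}')
```

Adapt `parse_flow` to the actual export format of the firewall or flow collector in use, and keep `ATEM_DEVICES` in sync with the device inventory so that new units are covered.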
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the critical CVSS score of 9.8 and the low complexity of exploitation, this vulnerability poses an immediate and severe risk to the organization. We strongly recommend that the Immediate Action plan be executed with the highest priority. All affected Blackmagic devices must be patched or have compensating controls applied without delay. Although this vulnerability is not currently on the CISA KEV list, its critical nature warrants treatment as an actively exploited threat. The application of firewall rules to block port 9990 should be performed immediately as a primary compensating control while the patching process is underway.