CVE-2025-57440: n/a

Unknown
Published: Mon Sep 22 2025 (09/22/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface, referred to as the "ATEM Ethernet Protocol 1.0", provides complete device control without requiring credentials or encryption. An attacker on the same network (or with remote access to the exposed port) can exploit this interface to execute arbitrary streaming commands, erase disks, or shut down the device - effectively gaining full remote control.

AI-Powered Analysis

Last updated: 09/22/2025, 17:41:29 UTC

Technical Analysis

CVE-2025-57440 identifies a critical security vulnerability in the Blackmagic ATEM Mini Pro 2.7 video switcher device. The device exposes an undocumented Telnet service on TCP port 9993, which implements the "ATEM Ethernet Protocol 1.0." This protocol accepts plaintext commands without any authentication or encryption, allowing an attacker with network access to the device to issue arbitrary commands. These commands include controlling streaming and recording functions, formatting storage devices, and rebooting the system. Because the interface does not require credentials, any attacker on the same local network or with remote access to the exposed port can gain full control over the device. This means an attacker can disrupt live video streams, erase critical recorded content by formatting storage, or cause denial of service by rebooting the device at will. The vulnerability arises from the combination of an undocumented service, lack of authentication, and unencrypted communication, which collectively create a high-risk attack surface. Although no known exploits have been reported in the wild yet, the simplicity of exploitation and the severity of potential impacts make this a significant threat to organizations using this hardware for professional video production or streaming.

Potential Impact

For European organizations, especially broadcasters, media production companies, educational institutions, and event organizers relying on Blackmagic ATEM Mini Pro 2.7 devices, this vulnerability poses a severe operational risk. Attackers could disrupt live broadcasts or streaming events, causing reputational damage and financial losses. The ability to format storage devices could result in permanent loss of recorded content, impacting compliance with data retention policies or contractual obligations. Furthermore, unauthorized device reboots could cause downtime during critical operations. Given the device’s role in live video production, such disruptions could affect news agencies, sports broadcasters, and corporate communications across Europe. Additionally, organizations with less mature network segmentation or remote access controls are at higher risk of remote exploitation. The lack of encryption and authentication also raises concerns about insider threats or lateral movement by attackers who gain initial network access.

Mitigation Recommendations

To mitigate this vulnerability, organizations should immediately audit their network to identify any Blackmagic ATEM Mini Pro 2.7 devices and verify if TCP port 9993 is exposed. Network segmentation should be enforced to isolate these devices from general user networks and the internet. Access control lists (ACLs) and firewall rules should block unauthorized access to port 9993, permitting only trusted management hosts. If remote access is necessary, it should be secured via VPNs or other encrypted tunnels that enforce authentication. Since no official patch or firmware update is currently available, organizations should contact Blackmagic Design for guidance and monitor for vendor updates. Additionally, disabling the Telnet service if possible or restricting its binding to localhost would reduce exposure. Regular backups of recorded content and configuration settings should be maintained to enable recovery in case of data loss. Monitoring network traffic for unusual commands or connections to port 9993 can help detect exploitation attempts early.
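The monitoring step above, sketched as an added example (not code from the vendor or the CVE record): it scans firewall flow records for TCP port 9993 traffic and flags sources outside the management allowlist, plus port 9993 destinations missing from the device inventory. The log format, IP addresses, inventory, allowlist and function names are all assumptions constructed for illustration.

```python
import csv
import ipaddress
from io import StringIO

ATEM_PORT = 9993  # TCP port named in the CVE description

# Constructed inventory and management allowlist (assumptions for this example).
ATEM_DEVICES = {ipaddress.ip_address("10.20.0.15")}
MGMT_NETS = [ipaddress.ip_network("10.20.0.64/28")]

# Constructed flow records in an assumed format: time,src,dst,dport,action
SAMPLE_FLOWS = """\
2025-09-22T10:00:01Z,10.20.0.66,10.20.0.15,9993,allow
2025-09-22T10:02:13Z,10.30.4.21,10.20.0.15,9993,allow
2025-09-22T10:02:40Z,203.0.113.9,10.20.0.15,9993,deny
2025-09-22T10:05:00Z,10.30.4.21,10.20.0.99,9993,allow
2025-09-22T10:06:00Z,10.30.4.21,10.20.0.15,443,allow
"""

def classify(src, dst, action):
    """Return a finding label, or None for expected management traffic."""
    if dst not in ATEM_DEVICES:
        # Allowed port 9993 traffic to a host the audit did not list.
        return "uninventoried_destination" if action == "allow" else None
    if any(src in net for net in MGMT_NETS):
        return None  # trusted management host talking to a known device
    # Untrusted source: an allowed flow is an ACL gap, a denied one an attempt.
    return "unauthorized_access" if action == "allow" else "blocked_attempt"

def scan(flow_text):
    """Return (time, src, dst, label) for every suspicious port 9993 flow."""
    findings = []
    for ts, src, dst, dport, action in csv.reader(StringIO(flow_text)):
        if int(dport) != ATEM_PORT:
            continue
        label = classify(ipaddress.ip_address(src),
                         ipaddress.ip_address(dst), action)
        if label:
            findings.append((ts, src, dst, label))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_FLOWS):
        print(*finding)
```

An `unauthorized_access` finding means the firewall rule set still lets a non-management host reach the device, so it should be treated as an ACL gap to close rather than only as an alert.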

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-17T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68d18a33f374b317608a7fd2

Added to database: 9/22/2025, 5:41:07 PM

Last enriched: 9/22/2025, 5:41:29 PM

Last updated: 9/24/2025, 8:12:18 AM
