
CVE-2025-57440: n/a

Severity: High
Tags: Vulnerability, CVE-2025-57440
Published: Mon Sep 22 2025 (09/22/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface, referred to as the "ATEM Ethernet Protocol 1.0", provides complete device control without requiring credentials or encryption. An attacker on the same network (or with remote access to the exposed port) can exploit this interface to execute arbitrary streaming commands, erase disks, or shut down the device - effectively gaining full remote control.

AI-Powered Analysis

Last updated: 10/28/2025, 20:45:30 UTC

Technical Analysis

The Blackmagic ATEM Mini Pro 2.7 device contains a critical vulnerability identified as CVE-2025-57440, involving an undocumented Telnet service running on TCP port 9993. This service implements the ATEM Ethernet Protocol 1.0, which accepts plaintext commands without any authentication or encryption. Commands include controlling streaming and recording functions, formatting storage devices, and rebooting the system. Because the interface does not require credentials, any attacker with network access to the device's port 9993 can gain full control, including the ability to disrupt live streams, erase recorded content, or cause device downtime. The vulnerability stems from improper access control and exposure of a management interface intended for internal use only. Exploitation is straightforward since no user interaction or privileges are required, and the attack surface includes any network segment where the device is reachable. The CVSS 3.1 base score is 7.5, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and a high impact on availability (denial of service through device reboot or data loss). No patches or vendor advisories are currently available, and no exploits have been observed in the wild. However, the potential for disruption in professional media environments is significant, especially where these devices are used for critical live production workflows.

Potential Impact

For European organizations, particularly broadcasters, media production companies, and live event streaming services using the Blackmagic ATEM Mini Pro 2.7, this vulnerability poses a serious risk to operational continuity. Exploitation can result in immediate denial of service by rebooting the device or erasing storage media, leading to loss of recorded content and interruption of live streams. This can cause reputational damage, financial losses, and disruption of critical communications. Since the device controls streaming and recording, attackers could also manipulate live content or cause outages during high-profile events. The lack of authentication and encryption means that any insider threat or attacker with network access can exploit the vulnerability easily. Additionally, if the device is exposed to the internet or poorly segmented networks, remote exploitation is possible, increasing the attack surface. The impact is primarily on availability, but the integrity of live broadcasts could also be indirectly affected through unauthorized command execution.

Mitigation Recommendations

European organizations should immediately audit their network environments to identify any Blackmagic ATEM Mini Pro 2.7 devices and verify if TCP port 9993 is accessible from untrusted networks. Network segmentation should be enforced to isolate these devices from general user networks and the internet. Firewall rules must block inbound and outbound traffic on port 9993 except from trusted management hosts. Monitoring and alerting should be implemented for any unusual traffic or commands targeting this port. Physical security controls should prevent unauthorized local network access. Until a vendor patch or firmware update is released, organizations should consider disabling or blocking the Telnet service if possible, or replacing affected devices with alternatives that do not expose unauthenticated management interfaces. Regular backups of recorded content and configurations are essential to recover from potential data loss. Finally, organizations should engage with Blackmagic Design for updates and advisories and apply patches promptly once available.
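The monitoring recommendation above, sketched as an added example (not part of the original advisory or any vendor tooling): a Python check over flow records that flags connections to TCP port 9993 on inventoried ATEM devices from sources outside the trusted management set. The flow record format, all addresses and the function names are constructed for illustration.

```python
import ipaddress

ATEM_PORT = 9993  # TCP port named in the advisory

# Constructed sample flows: "timestamp src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2025-09-22T10:00:01Z 10.20.0.5 10.20.30.11 9993 tcp
2025-09-22T10:00:07Z 10.20.40.77 10.20.30.11 9993 tcp
2025-09-22T10:01:12Z 203.0.113.9 10.20.30.12 9993 tcp
2025-09-22T10:02:00Z 10.20.40.77 10.20.30.11 443 tcp
2025-09-22T10:02:30Z 10.20.40.77 10.20.30.99 9993 tcp
malformed line
"""

def parse_flow(line):
    """Return (ts, src, dst, port, proto), or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, proto = parts
    try:
        return (ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(port), proto.lower())
    except ValueError:
        return None

def find_untrusted_access(flow_text, devices, trusted_nets, internal_nets):
    """Flag TCP/9993 flows to inventoried devices from non-allowlisted sources."""
    devices = {ipaddress.ip_address(d) for d in devices}
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    alerts = []
    for line in flow_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue  # skip lines that are not valid flow records
        ts, src, dst, port, proto = rec
        if proto != "tcp" or port != ATEM_PORT or dst not in devices:
            continue  # not traffic to the control port of a known device
        if any(src in net for net in trusted):
            continue  # expected traffic from a trusted management host
        # A source outside the site's own ranges means the port is
        # reachable from beyond the local network.
        scope = "internal" if any(src in n for n in internal) else "external"
        alerts.append({"time": ts, "src": str(src), "dst": str(dst), "scope": scope})
    return alerts
```

Feed it the device inventory from the audit step and the same trusted-host list used in the firewall rules, so the alerting and the allowlist cannot drift apart.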


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-17T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68d18a33f374b317608a7fd2

Added to database: 9/22/2025, 5:41:07 PM

Last enriched: 10/28/2025, 8:45:30 PM

Last updated: 11/5/2025, 4:55:09 AM
