CVE-2025-57432

CRITICAL

Blackmagic Web Presenter 3.3 - Unauthenticated Remote Command Execution via Telnet Service

Title source: llm

Description

Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication mechanisms are required to interact with the Telnet interface.

Scores

CVSS v3: 9.8
EPSS: 0.0060
EPSS Percentile: 44.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-306
Status: published
Products (2):
blackmagicdesign/web_presenter_4k_firmware 3.3
blackmagicdesign/web_presenter_hd_firmware 3.3
Published: Sep 22, 2025
Tracked Since: Feb 18, 2026