CVE-2025-57432

CRITICAL

Blackmagicdesign Web Presenter HD Firmware - Missing Authentication

Description

Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication mechanisms are required to interact with the Telnet interface.

Scores

CVSS v3 9.8
EPSS 0.0033
EPSS Percentile 56.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-306
Status published
Products (2)
blackmagicdesign/web_presenter_4k_firmware 3.3
blackmagicdesign/web_presenter_hd_firmware 3.3
Published Sep 22, 2025
Tracked Since Feb 18, 2026