CVE-2025-55972
CVE-2025-55972 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint, an attacker can cause the device to become unresponsive. EPSS estimates a 0.50% chance of exploitation in the next 30 days.
Description
A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint, an attacker can cause the device to become unresponsive. This denial persists as long as the attack continues and affects all forms of TV operation. Manual user control and even reboots do not restore functionality unless the flood stops.
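A defender-side way to spot the traffic pattern described above, added here as an example and not part of the NVD record or any vendor tooling: it flags per-source bursts and oversized bodies of SetAVTransportURI requests in network sensor records. The record format, the thresholds and the sample lines are assumptions constructed for illustration; malformed-body inspection is out of scope for this block.

```python
from collections import defaultdict, deque

# Standard UPnP AVTransport action as carried in the SOAPACTION header.
ACTION = "urn:schemas-upnp-org:service:AVTransport:1#SetAVTransportURI"
# Assumed tuning values; the advisory gives no thresholds.
WINDOW_S = 10          # sliding window length in seconds
MAX_PER_WINDOW = 5     # requests per (src, dst) tolerated inside the window
MAX_BODY_BYTES = 4096  # SOAP body size treated as oversized

def parse(line):
    """Parse an assumed sensor record: 'epoch src dst "soapaction" body_len'."""
    ts, src, dst, action, body_len = line.split()
    return float(ts), src, dst, action.strip('"'), int(body_len)

def detect(lines):
    """Return sorted (src, dst, reason) alerts, one per pair and reason."""
    recent = defaultdict(deque)  # (src, dst) -> timestamps still in the window
    alerts = set()
    for line in lines:
        try:
            ts, src, dst, action, body_len = parse(line)
        except ValueError:
            continue  # skip records that do not match the assumed format
        if action != ACTION:
            continue
        if body_len > MAX_BODY_BYTES:
            alerts.add((src, dst, "oversized"))
        q = recent[(src, dst)]
        q.append(ts)
        while q and ts - q[0] > WINDOW_S:
            q.popleft()  # drop timestamps that fell out of the window
        if len(q) > MAX_PER_WINDOW:
            alerts.add((src, dst, "flood"))
    return sorted(alerts)

# Constructed sample records (documentation addresses, not captured traffic).
SAMPLE = (
    ['100.0 192.0.2.10 192.0.2.50 "%s" 612' % ACTION]  # single normal request
    + ['%.1f 192.0.2.66 192.0.2.50 "%s" 700' % (200 + i * 0.5, ACTION)
       for i in range(8)]                              # burst from one source
    + ['300.0 192.0.2.77 192.0.2.50 "%s" 900000' % ACTION]  # oversized body
    + ['301.0 192.0.2.10 192.0.2.50 '
       '"urn:schemas-upnp-org:service:AVTransport:1#Play" 300']
    + ['garbage line']
)

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```
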
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tcl | 65c655 Firmware | All versions |
Timeline
- Status: Analyzed
Source: NVD / NIST
