CVE-2025-55971
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-55971, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-03

Last updated on: 2025-10-15

Assigner: MITRE

Description

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The device accepts unauthenticated SetAVTransportURI SOAP requests over TCP/16398 and attempts to retrieve externally referenced URIs, including attacker-controlled payloads. The blind SSRF allows for sending requests on behalf of the TV, which can be leveraged to probe for other internal or external services accessible by the device (e.g., 127.0.0.1:16XXX, LAN services, or internet targets), potentially enabling additional exploit chains.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-03
Last Modified
2025-10-15
Generated
2026-07-06
AI Q&A
2025-10-03
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
tcl 65c655_firmware v8-r75pt01-lf1v269.001116
tcl 65c655 *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a blind, unauthenticated Server-Side Request Forgery (SSRF) in the TCL 65C655 Smart TV's UPnP MediaRenderer service. An attacker can send unauthenticated requests to the TV's AVTransport service, causing the TV to fetch attacker-controlled external URIs. This allows the attacker to make the TV send requests on their behalf to internal or external network services, potentially probing or exploiting other systems accessible from the TV.

Impact Analysis

The vulnerability can allow an attacker to use the TV to send requests to internal network services or external internet targets without authentication. This can be used to probe internal networks, discover services, or launch further attacks, potentially leading to unauthorized access or exploitation of other devices or services accessible from the TV.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55971. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart