CVE-2025-55971
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-03

Last updated on: 2025-10-15

Assigner: MITRE

Description
TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The device accepts unauthenticated SetAVTransportURI SOAP requests over TCP/16398 and attempts to retrieve externally referenced URIs, including attacker-controlled payloads. The blind SSRF allows for sending requests on behalf of the TV, which can be leveraged to probe for other internal or external services accessible by the device (e.g., 127.0.0.1:16XXX, LAN services, or internet targets), potentially enabling additional exploit chains.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-03
Last Modified
2025-10-15
Generated
2026-06-16
AI Q&A
2025-10-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-55971
EUVD
EUVD-2025-32472
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tcl 65c655_firmware v8-r75pt01-lf1v269.001116
tcl 65c655 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a blind, unauthenticated Server-Side Request Forgery (SSRF) in the TCL 65C655 Smart TV's UPnP MediaRenderer service. An attacker can send unauthenticated requests to the TV's AVTransport service, causing the TV to fetch attacker-controlled external URIs. This allows the attacker to make the TV send requests on their behalf to internal or external network services, potentially probing or exploiting other systems accessible from the TV.

Impact Analysis

The vulnerability can allow an attacker to use the TV to send requests to internal network services or external internet targets without authentication. This can be used to probe internal networks, discover services, or launch further attacks, potentially leading to unauthorized access or exploitation of other devices or services accessible from the TV.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55971. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart