Login Sign Up

CVE-2025-55972

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability allows remote attackers to cause a Denial of Service (DoS) on TCL Smart TVs by flooding the UPnP/DLNA MediaRenderer with malformed SetAVTransportURI requests. The TV becomes completely unresponsive during the attack, affecting all operations including manual controls and reboots. All TCL Smart TVs with the vulnerable UPnP implementation are affected.

💻 Affected Systems

Products:
  • TCL Smart TVs
Versions: All versions with vulnerable UPnP/DLNA MediaRenderer implementation
Operating Systems: TCL TV OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires UPnP/DLNA functionality enabled (typically default). TVs connected to networks with untrusted devices are at highest risk.

📦 What is this software?

65c655 Firmware by Tcl

View all CVEs affecting 65c655 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete TV unavailability for extended periods, disrupting all functionality including emergency alerts, streaming services, and basic TV operations until attack stops.

🟠

Likely Case

Temporary TV unresponsiveness during targeted attacks, requiring network isolation or waiting for attack to cease.

🟢

If Mitigated

Minimal impact with proper network segmentation and UPnP disabled.

🌐 Internet-Facing: HIGH - UPnP services are often exposed to local networks and potentially to the internet via UPnP NAT traversal.
🏢 Internal Only: HIGH - Attack can be launched from any device on the same local network as the TV.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple Python scripts available on GitHub demonstrate the attack. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check TCL support website for firmware updates and apply if available.

🔧 Temporary Workarounds

Disable UPnP/DLNA MediaRenderer

all

Turn off UPnP/DLNA functionality in TV settings to prevent exploitation.

Network Segmentation

all

Isolate TV on separate VLAN or network segment away from untrusted devices.

🧯 If You Can't Patch

  • Disconnect TV from network when not in use
  • Implement network firewall rules to block UPnP traffic (port 1900/udp and related TCP ports) to TV

🔍 How to Verify

Check if Vulnerable:

Check if UPnP/DLNA MediaRenderer is enabled in TV settings. If enabled and TV is on network, it's vulnerable.

Check Version:

Check TV firmware version in Settings > System > About

Verify Fix Applied:

Test by attempting to access UPnP services on TV port 1900/udp. If disabled or blocked, fix is applied.

📡 Detection & Monitoring

Log Indicators:

  • High volume of malformed SOAP requests to UPnP endpoint
  • TV system logs showing service crashes

Network Indicators:

  • Flood of SetAVTransportURI requests to TV on UPnP ports
  • Abnormal traffic patterns to port 1900/udp

SIEM Query:

source_ip:* dest_port:1900 protocol:udp packet_count > 1000 within 1m

📊 Metadata

CVE ID: CVE-2025-55972
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
EPSS Score: 0.17% exploit probability (38.7th percentile)
Published: October 3, 2025
Last Updated: October 16, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-55972, you might also want to check these:

CVE-2024-45166 9.8

UCI IDOL2 through version 2.12 contains multiple memory corruption vulnerabilities due to improper i...

Same vulnerability type (CWE-400)
CVE-2025-61303 9.8

This vulnerability in Hatching Triage Sandbox allows malware samples to evade detection by recursive...

Same vulnerability type (CWE-400)
CVE-2024-39462 9.8

This is a Linux kernel memory corruption vulnerability in the BCM2711 DVP clock driver where array b...

Same vulnerability type (CWE-400)