CVE-2025-55971 — MEDIUM (4.7)

Vulnerability Description

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The device accepts unauthenticated SetAVTransportURI SOAP requests over TCP/16398 and attempts to retrieve externally referenced URIs, including attacker-controlled payloads. The blind SSRF allows for sending requests on behalf of the TV, which can be leveraged to probe for other internal or external services accessible by the device (e.g., 127.0.0.1:16XXX, LAN services, or internet targets), potentially enabling additional exploit chains.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Tcl	65C655 Firmware	v8-r75pt01-lf1v269.001116
Tcl	65C655	-

Related Weaknesses (CWE)

CWE-918

References

https://github.com/Szym0n13k/CVE-2025-55971-Blind-Unauthenticated-SSRF-in-TCL-SmThird Party Advisory
https://www.youtube.com/watch?v=FeNLGR_xFIAExploit

FAQ

What is CVE-2025-55971?

CVE-2025-55971 is a vulnerability with a CVSS score of 4.7 (MEDIUM). TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via th...

How severe is CVE-2025-55971?

CVE-2025-55971 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-55971?

Check the references section above for vendor advisories and patch information. Affected products include: Tcl 65C655 Firmware, Tcl 65C655.