Remote Denial of Service in TCL Smart TV UPnP/DLNA Implementation
CVE-2025-55972

7.5HIGH

Key Information:

Vendor: TCL
Status: TCL Smart TV
Vendor: CVE Published:; 3 October 2025

What is CVE-2025-55972?

A vulnerability exists in TCL Smart TVs operating with a UPnP/DLNA MediaRenderer implementation, which exposes the device to a remote denial of service attack. Attackers can exploit this flaw by sending a barrage of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint. This results in the TV becoming unresponsive, crippling all functionalities. Notably, even manual user intervention or rebooting the device does not restore normal operations unless the attack is halted, leaving users vulnerable to prolonged disruptions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.youtube.com/watch?v=CRik5mp4SW4

https://github.com/Szym0n13k/CVE-2025-55972-Remote-Unauth...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2025
Vulnerability Reserved
Aug 16, 2025

JSON

TCL

What is CVE-2025-55972?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.