Remote Denial of Service in TCL Smart TV UPnP/DLNA Implementation
CVE-2025-55972

7.5 HIGH

Key Information:

Vendor: TCL
CVE Published: 3 October 2025

What is CVE-2025-55972?

TCL Smart TVs that run a UPnP/DLNA MediaRenderer implementation are exposed to a remote denial of service attack. An attacker can trigger the flaw by sending a barrage of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint. The TV becomes unresponsive and loses all functionality. Notably, neither manual user intervention nor rebooting the device restores normal operation until the attack is halted, so users can face prolonged disruption.
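The request pattern described above can be watched for on the network side. The following detection sketch is an added example, not vendor code or part of the CVE record; it assumes request metadata (timestamp, source IP, SOAPAction header, Content-Length) is available from a sensor or proxy in front of the TV's UPnP control endpoint, and its thresholds and sample records are constructed. It covers the oversized and high-rate cases only, since it does not inspect request bodies.

```python
from collections import defaultdict, deque

# Suffix of the SOAPAction header for the UPnP AVTransport action named in the advisory.
ACTION_SUFFIX = "#SetAVTransportURI"
MAX_BODY = 8192      # assumed ceiling for a legitimate request body, in bytes
MAX_PER_WINDOW = 5   # assumed per-source request budget inside one window
WINDOW = 10.0        # assumed sliding-window length, in seconds

def detect(events):
    """events: (timestamp, source_ip, soapaction, content_length) tuples in time order.
    Returns (timestamp, source_ip, reason) alerts."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    flooding = set()              # sources already reported as over budget
    alerts = []
    for ts, src, action, length in events:
        if not action.strip('"').endswith(ACTION_SUFFIX):
            continue
        if length > MAX_BODY:
            alerts.append((ts, src, "oversized"))
        q = recent[src]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) > MAX_PER_WINDOW:
            if src not in flooding:   # report once per burst, not once per request
                flooding.add(src)
                alerts.append((ts, src, "flood"))
        else:
            flooding.discard(src)
    return alerts

# Constructed sample records (not captured traffic).
URN = "urn:schemas-upnp-org:service:AVTransport:1"
SAMPLE = (
    [(0.0, "192.0.2.10", f'"{URN}#SetAVTransportURI"', 612)]
    + [(1.0 + i * 0.2, "192.0.2.66", f'"{URN}#SetAVTransportURI"', 700) for i in range(8)]
    + [(3.0, "192.0.2.77", f'"{URN}#SetAVTransportURI"', 2_000_000),
       (4.0, "192.0.2.10", f'"{URN}#Play"', 300)]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

A source that trips either rule is a candidate for blocking at the network boundary, which matters here because the TV does not recover while the requests continue.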

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
