What is the CVSS score of EUVD-2025-32472?

EUVD-2025-32472 has a CVSS 3.1 base score of 4.7 (Medium). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of 65c655 Firmware are affected by EUVD-2025-32472?

CVE-2025-55971 presents moderate security risk, a server-side request forgery vulnerability rated CVSS 4.7. Users could be tricked into performing unintended actions.

Is there a public PoC exploit available for EUVD-2025-32472?

Yes, a public proof-of-concept exploit is available for EUVD-2025-32472. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2025-32472?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

65c655 Firmware EUVD-2025-32472

| CVE-2025-55971 MEDIUM

Server-Side Request Forgery (SSRF) (CWE-918)

2025-10-03 cve@mitre.org

SSRF 65c655 Firmware Android

4.7

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

4.7 MEDIUM

AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 13, 2026 - 19:29 euvd

EUVD-2025-32472

Analysis Generated

Mar 13, 2026 - 19:29 vuln.today

PoC Detected

Oct 15, 2025 - 18:17 vuln.today

Public exploit code

CVE Published

Oct 03, 2025 - 16:16 nvd

MEDIUM 4.7

DescriptionCVE.org

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The device accepts unauthenticated SetAVTransportURI SOAP requests over TCP/16398 and attempts to retrieve externally referenced URIs, including attacker-controlled payloads. The blind SSRF allows for sending requests on behalf of the TV, which can be leveraged to probe for other internal or external services accessible by the device (e.g., 127.0.0.1:16XXX, LAN services, or internet targets), potentially enabling additional exploit chains.

Analysis

Technical ContextAI

Server-Side Request Forgery allows an attacker to induce the server to make HTTP requests to arbitrary destinations, including internal services. This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918).

RemediationAI

Validate and whitelist allowed URLs and IP ranges. Block requests to internal/private IP ranges. Use network segmentation to limit server-side request scope.

EUVD-2025-32472 vulnerability details – vuln.today

Back

65c655 Firmware EUVD-2025-32472

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code