CVE-2025-13954 is a vulnerability identified in EZCast Pro II version 1.17478.146, involving the use of hard-coded cryptographic keys within the device's Admin UI. This security flaw falls under CWE-798, which concerns the use of hard-coded credentials that can be extracted or reverse-engineered by attackers. The presence of these fixed cryptographic keys allows an attacker to bypass all authorization checks on the Admin UI, effectively granting full administrative privileges without requiring any authentication or user interaction. The vulnerability is network exploitable (Attack Vector: Adjacent), with low attack complexity and no privileges or user interaction needed, making it highly accessible to attackers within the network range. The CVSS 4.0 score of 9.3 reflects the critical impact on confidentiality, integrity, and availability, as attackers can fully control the device, potentially altering configurations, intercepting data, or disrupting services. Although no exploits have been reported in the wild yet, the vulnerability's nature suggests that exploitation could be straightforward once the keys are discovered. EZCast Pro II devices are commonly used for wireless display and collaboration in corporate, educational, and governmental environments, making this vulnerability particularly concerning for organizations relying on these devices for secure communications and presentations. The lack of a patch at the time of disclosure increases the urgency for mitigation through network segmentation, access controls, and monitoring.

For European organizations, this vulnerability poses a significant risk to the security and operational integrity of environments using EZCast Pro II devices. Attackers gaining full admin access can manipulate device settings, intercept or redirect sensitive presentation data, and potentially use the compromised device as a foothold for lateral movement within internal networks. This can lead to data breaches, disruption of business operations, and loss of trust in communication infrastructure. Sectors such as finance, government, education, and critical infrastructure that utilize these devices for secure collaboration are particularly vulnerable. The ability to exploit this flaw without authentication or user interaction increases the likelihood of successful attacks, especially in environments with insufficient network segmentation or weak perimeter defenses. Additionally, compromised devices could be leveraged to launch further attacks or espionage campaigns targeting European entities. The absence of a patch at disclosure means organizations must rely on compensating controls, increasing operational complexity and risk.

1. Immediately restrict network access to the EZCast Pro II Admin UI by implementing strict firewall rules and network segmentation to limit exposure to trusted administrators only. 2. Monitor network traffic and device logs for unusual access patterns or unauthorized attempts to reach the Admin UI. 3. Disable or limit remote administration features if not strictly necessary. 4. Employ network intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalous activity related to EZCast devices. 5. Engage with EZCast vendor support to obtain patches or firmware updates addressing this vulnerability as soon as they become available. 6. Consider temporary replacement or removal of vulnerable devices from critical environments until a fix is applied. 7. Conduct security awareness training for IT staff to recognize and respond to potential exploitation attempts. 8. Implement multi-factor authentication and strong access controls on management interfaces where possible, even if the device itself does not natively support it, through network-level controls or proxy solutions.