CVE-2025-13954: CWE-798 Use of Hard-coded Credentials in EZCast EZCast Pro II
Hard-coded cryptographic keys in the Admin UI of EZCast Pro II version 1.17478.146 allow attackers to bypass authorization checks and gain full access to the Admin UI.
AI Analysis
Technical Summary
CVE-2025-13954 is a critical vulnerability in the EZCast Pro II device, specifically version 1.17478.146. The root cause is hard-coded cryptographic keys embedded in the Admin UI, classified under CWE-798 (Use of Hard-coded Credentials). These keys allow attackers to bypass all authorization checks and gain full administrative privileges without any authentication or user interaction. The vulnerability can be exploited over the network from an adjacent position with low attack complexity, as indicated by the CVSS 4.0 vector: Attack Vector (AV) is adjacent network, Attack Complexity (AC) is low, and no privileges or user interaction are required. The impact on confidentiality, integrity, and availability is high, as attackers can fully control the device, potentially altering configurations, intercepting or manipulating data streams, or disrupting device functionality. EZCast Pro II devices are commonly used for wireless presentation and collaboration in enterprise and educational environments, which makes the vulnerability a particular concern for organizations that rely on them for secure communication and data sharing. No patches or firmware updates have been published yet, and no known exploits have been observed in the wild, but the critical severity demands immediate attention. The vulnerability was assigned and published by NCSC.ch.
Potential Impact
For European organizations, the exploitation of CVE-2025-13954 could lead to unauthorized administrative control over EZCast Pro II devices, resulting in potential data breaches, manipulation of presentation content, and disruption of collaborative workflows. Confidential information transmitted or displayed via these devices could be intercepted or altered, undermining trust and compliance with data protection regulations such as GDPR. The integrity of meetings and presentations could be compromised, affecting decision-making processes and operational continuity. Availability of the devices may also be impacted if attackers disable or misconfigure the hardware. Sectors such as government, finance, education, and large enterprises that utilize EZCast Pro II for secure communication are at heightened risk. The vulnerability's ease of exploitation and lack of required authentication amplify the threat, potentially enabling lateral movement within networks if attackers leverage compromised devices as footholds.
Mitigation Recommendations
Given the absence of published patches, European organizations should immediately implement network-level mitigations. These include isolating EZCast Pro II devices on dedicated VLANs with strict access controls, limiting network exposure to trusted management hosts only. Employ network monitoring to detect anomalous access patterns to the Admin UI. Disable or restrict remote management interfaces where possible. Enforce strong physical security to prevent local exploitation. Engage with EZCast vendors to obtain firmware updates or patches addressing the hard-coded credential issue. Consider replacing affected devices if no timely fix is available. Additionally, conduct regular audits of device configurations and access logs to identify unauthorized access attempts. Incorporate this vulnerability into incident response plans to ensure rapid containment if exploitation is detected.
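One way to check that the isolation and monitoring recommendations above are holding, as an added example that is not part of the original advisory: it audits firewall flow records for Admin UI connections that do not come from a trusted management host. The device inventory, management host, VLAN range, log format and Admin UI ports are all assumptions constructed for the example.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Every value here is constructed for illustration, not taken from the advisory.
DEVICES = {ip_address("10.20.0.11"), ip_address("10.20.0.12")}  # device inventory
MGMT_HOSTS = {ip_address("10.9.0.5")}       # trusted management hosts
DEVICE_VLAN = ip_network("10.20.0.0/24")    # dedicated VLAN for the devices
ADMIN_PORTS = {80, 443}                     # assumption: Admin UI ports

SAMPLE_FLOWS = """ts,src,dst,dport,action
2025-12-10T08:01:02Z,10.9.0.5,10.20.0.11,443,allow
2025-12-10T08:03:40Z,10.20.0.57,10.20.0.11,443,allow
2025-12-10T08:05:11Z,10.30.4.8,10.20.0.12,80,allow
2025-12-10T08:05:19Z,10.30.4.8,10.20.0.12,443,deny
2025-12-10T08:06:00Z,10.20.0.57,10.20.0.11,7000,allow
2025-12-10T08:07:30Z,10.30.4.8,10.40.0.1,443,allow
"""

def audit_flows(text):
    """Return (ts, src, dst, reason) for Admin UI access from untrusted hosts."""
    findings = []
    for row in csv.DictReader(io.StringIO(text.strip())):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        if dst not in DEVICES or int(row["dport"]) not in ADMIN_PORTS:
            continue  # not Admin UI traffic to an inventoried device
        if src in MGMT_HOSTS:
            continue  # expected management access
        if row["action"] != "allow":
            reason = "blocked-attempt"   # ACL held; still worth triage
        elif src in DEVICE_VLAN:
            reason = "same-vlan-peer"    # adjacent host reached the Admin UI
        else:
            reason = "acl-gap"           # cross-VLAN access was permitted
        findings.append((row["ts"], str(src), str(dst), reason))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

Because the CVSS vector is adjacent-network, a `same-vlan-peer` finding matters as much as an `acl-gap`: a dedicated VLAN only helps if untrusted clients are not placed on it.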
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: NCSC.ch
- Date Reserved: 2025-12-03T13:26:03.328Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69393610fd479f45ea55244b
Added to database: 12/10/2025, 8:57:52 AM
Last enriched: 12/17/2025, 9:27:22 AM
Last updated: 2/7/2026, 11:24:18 AM