CVE-2025-13954 CRITICAL

CVE-2025-13954: Hard-coded cryptographic keys in EZCast Pro II Dongle

Vendor Ezcast
Product EZCast Pro II
Weakness CWE-798 · Hardcoded credentials
Published December 10, 2025
Last update May 28, 2026

CVSS base score

9.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:N/AU:Y/RE:L

What the vulnerability does

01Description

Hard-coded cryptographic keys in Admin UI of EZCast Pro II before version 1.17478.177 allows attackers to bypass authorization checks and gain full access to the admin UI

Key dates

02Disclosure timeline

December 10, 2025 CVE published
May 28, 2026 Record updated