CVE-2025-34502 HIGH

CVE-2025-34502: Shuffle Master Deck Mate 2 Missing Secure Boot

Vendor Light & Wonder, Inc. / Shfl Entertainment, Inc. / Shuffle Master, Inc.
Product Deck Mate 2
Weakness CWE-1326
Published October 24, 2025
Last update October 27, 2025

CVSS base score

7.0/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboot. This weakness allows long-term firmware tampering that survives power cycles. The vendor indicates that more recent firmware updates strengthen update-chain integrity and disable physical update ports to mitigate related attack avenues.

Key dates

02Disclosure timeline

October 24, 2025 CVE published
October 27, 2025 Record updated