Vulnerability Description
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboot. This weakness allows long-term firmware tampering that survives power cycles. The vendor indicates that more recent firmware updates strengthen update-chain integrity and disable physical update ports to mitigate related attack avenues.
Related Weaknesses (CWE)
References
- https://www.ioactive.com/wp-content/uploads/2025/05/IOActive-card-shuffler-secur
- https://www.vulncheck.com/advisories/shuffle-master-deck-mate-2-missing-secure-b
FAQ
What is CVE-2025-34502?
CVE-2025-34502 is a documented vulnerability. Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can mo...
How severe is CVE-2025-34502?
CVSS scoring is not yet available for CVE-2025-34502. Check NVD for updates.
Is there a patch for CVE-2025-34502?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.