Shuffle Master Deck Mate 2 Missing Secure Boot_CVE-2025-34502

7 / 10

HIGH

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboot. This weakness allows long-term firmware tampering that survives power cycles. The vendor indicates that more recent firmware updates strengthen update-chain integrity and disable physical update ports to mitigate related attack avenues.

Basic Information

ID CVE-2025-34502

Source VulnCheck

Published Oct 24, 2025 at 23:04

Affected Product

Vendor Light & Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc.

Product Deck Mate 2

Affected Versions Light & Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc. Deck Mate 2 0

CWE Classification

CWE-1326

References

{
    "lastseen": "",
    "description": "Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboot. This weakness allows long-term firmware tampering that survives power cycles. The vendor indicates that more recent firmware updates strengthen update-chain integrity and disable physical update ports to mitigate related attack avenues.",
    "published": "2025-10-24T23:04:11.948Z",
    "modified": "2025-10-24T23:04:11.948Z",
    "type": "cve",
    "title": "Shuffle Master Deck Mate 2 Missing Secure Boot",
    "source": "VulnCheck",
    "references": "https://www.ioactive.com/wp-content/uploads/2025/05/IOActive-card-shuffler-security.pdf\nhttps://www.vulncheck.com/advisories/shuffle-master-deck-mate-2-missing-secure-boot",
    "id": "CVE-2025-34502",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1326"
    ],
    "cvelist": null,
    "sourceData": "Light & Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc. Deck Mate 2 0",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Deck Mate 2",
    "version": "0",
    "vendor": "Light & Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}