CVE-2025-34502

Summary

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboot. This weakness allows long-term firmware tampering that survives power cycles. The vendor indicates that more recent firmware updates strengthen update-chain integrity and disable physical update ports to mitigate related attack avenues.

Affected Software

VendorProductVersion RangeStatus
Light & Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc.Deck Mate 20 < all known versions prior to 2025-10-23affected

Weaknesses

  • CWE-1326: CWE-1326 Missing Immutable Root of Trust in Hardware

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References