CVE-2025-34502

Shuffle Master Deck Mate 2 Missing Secure Boot

CVSS 7 HIGHEPSS 0.2%CWE-1326

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 oct 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboot. This weakness allows long-term firmware tampering that survives power cycles. The vendor indicates that more recent firmware updates strengthen update-chain integrity and disable physical update ports to mitigate related attack avenues.

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Light & Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc. · Deck Mate 2

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.ioactive.com/wp-content/uploads/2025/05/IOActive-card-shuffler-security.pdf https://www.vulncheck.com/advisories/shuffle-master-deck-mate-2-missing-secure-boot