CVE-2025-34502

HIGH EPSS 9.6%

Published Oct 24, 20258mo ago · Modified Jun 17, 20261w ago

7.0 CVSS 4.0

High

Published Oct 24, 2025 8mo ago

Last Modified Jun 17, 2026 1w ago

Description

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboot. This weakness allows long-term firmware tampering that survives power cycles. The vendor indicates that more recent firmware updates strengthen update-chain integrity and disable physical update ports to mitigate related attack avenues.

CVSS Details

Base Score

7.0

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Physical

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

9.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-1326

References 2

ioactive.com https://www.ioactive.com/wp-content/uploads/2025/05/IOActive-card-shuffler-security.pdf
vulncheck.com https://www.vulncheck.com/advisories/shuffle-master-deck-mate-2-missing-secure-boot

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.