CVE-2025-34502— Shuffle Master Deck Mate 2 Missing Secure Boot
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-34502
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Shuffle Master Deck Mate 2 Missing Secure Boot
Source: NVD (National Vulnerability Database)
Vulnerability Description
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboot. This weakness allows long-term firmware tampering that survives power cycles. The vendor indicates that more recent firmware updates strengthen update-chain integrity and disable physical update ports to mitigate related attack avenues.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1326
Source: NVD (National Vulnerability Database)
Vulnerability Title
Light & Wonder Deck Mate 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Light & Wonder Deck Mate是英国Light & Wonder公司的一款自动发牌设备。 Light & Wonder Deck Mate存在安全漏洞,该漏洞源于缺少安全启动链验证和运行时完整性验证,可能导致物理访问攻击者修改或替换启动加载程序、内核或文件系统,并在重启时获得持久代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Light & Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc. | Deck Mate 2 | 0 ~ all known versions prior to 2025-10-23 | - |
II. Public POCs for CVE-2025-34502
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-34502
请登录查看更多情报信息。
Same Patch Batch · Light & Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc. · 2025-10-24 · 3 CVEs total
| CVE-2025-34500 | Shuffle Master Deck Mate 2 Insecure Update Chain | |
| CVE-2025-34503 | Shuffle Master Deck Mate 1 Unauthenticated EEPROM Firmware Execution |
IV. Related Vulnerabilities
Same weakness: CWE-1326
- CVE-2025-5834
Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Har - CVE-2025-31929
Siemens VersiCharge AC Series 安全漏洞 - CVE-2025-2762
CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege - CVE-2024-8357
Visteon Infotainment App SoC Missing Immutable Root of Trust - CVE-2024-30111
Missing Root Detection vulnerability affects DRYiCE AEX v10
V. Comments for CVE-2025-34502
No comments yet