CVE-2025-34502
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-24

Last updated on: 2025-10-27

Assigner: VulnCheck

Description
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboot. This weakness allows long-term firmware tampering that survives power cycles. The vendor indicates that more recent firmware updates strengthen update-chain integrity and disable physical update ports to mitigate related attack avenues.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-24
Last Modified
2025-10-27
Generated
2026-06-16
AI Q&A
2025-10-25
EPSS Evaluated
2026-06-14
NVD
CVE-2025-34502
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
shufflemaster deck_mate_1 *
shufflemaster deck_mate_2 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1326 A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists because Deck Mate 2 does not have a verified secure-boot chain or runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace critical components like the bootloader, kernel, or filesystem. This allows the attacker to achieve persistent code execution that survives reboots and power cycles, enabling long-term firmware tampering.

Impact Analysis

The vulnerability can lead to persistent unauthorized code execution on the affected device, allowing an attacker with physical access to maintain control over the system even after reboots. This can result in compromised device integrity, potential data manipulation, and unauthorized access to system functions, posing significant security risks.

Mitigation Strategies

To mitigate this vulnerability, apply the most recent firmware updates provided by the vendor, as these updates strengthen update-chain integrity and disable physical update ports, reducing the risk of persistent firmware tampering.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34502. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart