CVE-2025-34503
BaseFortify
Publication date: 2025-10-24
Last updated on: 2025-10-27
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shuffle_master | deck_mate_2 | * |
| shuffle_master | deck_mate_1 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1326 | A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code. |
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists because Deck Mate 1 executes firmware directly from an external EEPROM without verifying its authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists even after rebooting the device. This is due to the device lacking modern secure-boot or signed-update mechanisms.
How can this vulnerability impact me?
If an attacker gains physical access to the device, they can install malicious firmware that runs arbitrary code persistently. This could lead to unauthorized control or manipulation of the device, potentially compromising its functionality and security.
What immediate steps should I take to mitigate this vulnerability?
Because the vulnerability involves executing firmware from an external EEPROM without verification, and no firmware updates are available, the immediate mitigation steps are either to physically protect the affected systems against unauthorized physical access or to retire the affected devices from service.