Vulnerability in Light & Wonder, Inc. / Shfl Entertainment, Shuffle Master, Deck Mate 2

CVE-2025-34502

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel…

EPSS: 0.000 (9.6th percentile) — read the EPSS interpretation.

Affected products

Light & Wonder, Inc. / Shfl Entertainment, Shuffle Master, Deck Mate 2 — versions 0

Weakness classification (CWE)

CWE-1326

References

www.ioactive.com/wp-content/uploads/2025/05/IOActive-card-shuffler-security.pdf (technical-description, exploit)
www.vulncheck.com/advisories/shuffle-master-deck-mate-2-missing-secure-boot (third-party-advisory)