EUVD-2025-35893

🗓️ 25 Oct 2025 00:30:39Reported by EUVDType

Firmware runs from an external EEPROM with no authenticity checks, enabling physical attackers to persist code across reboots.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-34503	25 Oct 202502:56	–	circl
CNNVD	Light & Wonder Deck Mate 安全漏洞	24 Oct 202500:00	–	cnnvd
CVE	CVE-2025-34503	24 Oct 202523:04	–	cve
Cvelist	CVE-2025-34503 Shuffle Master Deck Mate 1 Unauthenticated EEPROM Firmware Execution	24 Oct 202523:04	–	cvelist
NVD	CVE-2025-34503	24 Oct 202523:15	–	nvd
Positive Technologies	PT-2025-43689	24 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-34503	27 Oct 202513:33	–	redhatcve
Vulnrichment	CVE-2025-34503 Shuffle Master Deck Mate 1 Unauthenticated EEPROM Firmware Execution	24 Oct 202523:04	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "24752929-45b5-3f11-93c5-bd85961e207a",
        "vendor": {
          "name": "Light & Wonder, Inc. / SHFL Entertainment, Inc. / Shuffle Master, Inc."
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "862f774f-2282-3422-b795-9207078dae84",
        "product": {
          "name": "Deck Mate 1"
        },
        "product_version": "0 <unknown"
      }
    ]
  }
]

Source	Link
ioactive	www.ioactive.com/wp-content/uploads/2025/05/IOActive-card-shuffler-security.pdf
vulncheck	www.vulncheck.com/advisories/shuffle-master-deck-mate-1-unauthenticated-eeprom-firmware-execution
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-34503

25 Oct 2025 00:30Current

6.7Medium risk

Vulners AI Score6.7

CVSS 47

EPSS0.00015