CVE-2025-34502

Name of the Vulnerable Software and Affected Versions Deck Mate 2 (affected versions not specified)

Description The Deck Mate 2 device does not have a verified secure-boot chain or runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem, leading to persistent code execution upon reboot. This allows for long-term firmware tampering that persists even after power cycles. The vendor has indicated that recent firmware updates improve update-chain integrity and disable physical update ports to reduce potential attack vectors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.