Search criteria
6 vulnerabilities found for PCI Express Integrity and Data Encryption (PCIe IDE) Specification by PCI-SIG
CVE-2025-9614 (GCVE-0-2025-9614)
Vulnerability from nvd – Published: 2025-12-09 18:48 – Updated: 2025-12-10 20:09
VLAI?
Summary
An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to unintended data access across trusted domains, compromising confidentiality and integrity.
Severity ?
6.5 (Medium)
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PCI-SIG | PCI Express Integrity and Data Encryption (PCIe IDE) Specification |
Affected:
0 , < 6.5-Rev7.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T20:09:17.808849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T20:09:20.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "6.5-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "7.1-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to unintended data access across trusted domains, compromising confidentiality and integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:18:57.364Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://pcisig.com/specifications"
},
{
"url": "https://pcisig.com/PCIeIDEStandardVulnerabilities"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-9614",
"x_generator": {
"engine": "VINCE 3.0.30",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-9614"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-9614",
"datePublished": "2025-12-09T18:48:36.950Z",
"dateReserved": "2025-08-28T15:44:38.469Z",
"dateUpdated": "2025-12-10T20:09:20.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9612 (GCVE-0-2025-9612)
Vulnerability from nvd – Published: 2025-12-09 18:44 – Updated: 2025-12-11 14:57
VLAI?
Summary
An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical attackers on the PCIe bus to violate data integrity protections.
Severity ?
5.1 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PCI-SIG | PCI Express Integrity and Data Encryption (PCIe IDE) Specification |
Affected:
0 , < 7.1-Rev7.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T14:57:05.743440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T14:57:09.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://kb.cert.org/vuls/id/404544"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "7.1-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "6.5-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical attackers on the PCIe bus to violate data integrity protections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-404: Improper Resource Shutdown or Release",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:17:42.005Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://pcisig.com/specifications"
},
{
"url": "https://pcisig.com/PCIeIDEStandardVulnerabilities"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-9612",
"x_generator": {
"engine": "VINCE 3.0.30",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-9612"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-9612",
"datePublished": "2025-12-09T18:44:59.620Z",
"dateReserved": "2025-08-28T15:44:11.594Z",
"dateUpdated": "2025-12-11T14:57:09.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9613 (GCVE-0-2025-9613)
Vulnerability from nvd – Published: 2025-12-09 18:52 – Updated: 2025-12-10 17:04
VLAI?
Summary
A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completions being delivered to the wrong security context, potentially compromising data integrity and confidentiality.
Severity ?
6.5 (Medium)
CWE
- CWE-459 - Incomplete Cleanup
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PCI-SIG | PCI Express Integrity and Data Encryption (PCIe IDE) Specification |
Affected:
0 , < 7.1-Rev7.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T17:04:05.433232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T17:04:11.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "7.1-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "6.5-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completions being delivered to the wrong security context, potentially compromising data integrity and confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-459: Incomplete Cleanup",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:18:06.300Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://pcisig.com/specifications"
},
{
"url": "https://pcisig.com/PCIeIDEStandardVulnerabilities"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-9613",
"x_generator": {
"engine": "VINCE 3.0.30",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-9613"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-9613",
"datePublished": "2025-12-09T18:52:02.956Z",
"dateReserved": "2025-08-28T15:44:25.947Z",
"dateUpdated": "2025-12-10T17:04:11.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9613 (GCVE-0-2025-9613)
Vulnerability from cvelistv5 – Published: 2025-12-09 18:52 – Updated: 2025-12-10 17:04
VLAI?
Summary
A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completions being delivered to the wrong security context, potentially compromising data integrity and confidentiality.
Severity ?
6.5 (Medium)
CWE
- CWE-459 - Incomplete Cleanup
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PCI-SIG | PCI Express Integrity and Data Encryption (PCIe IDE) Specification |
Affected:
0 , < 7.1-Rev7.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T17:04:05.433232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T17:04:11.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "7.1-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "6.5-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completions being delivered to the wrong security context, potentially compromising data integrity and confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-459: Incomplete Cleanup",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:18:06.300Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://pcisig.com/specifications"
},
{
"url": "https://pcisig.com/PCIeIDEStandardVulnerabilities"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-9613",
"x_generator": {
"engine": "VINCE 3.0.30",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-9613"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-9613",
"datePublished": "2025-12-09T18:52:02.956Z",
"dateReserved": "2025-08-28T15:44:25.947Z",
"dateUpdated": "2025-12-10T17:04:11.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9614 (GCVE-0-2025-9614)
Vulnerability from cvelistv5 – Published: 2025-12-09 18:48 – Updated: 2025-12-10 20:09
VLAI?
Summary
An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to unintended data access across trusted domains, compromising confidentiality and integrity.
Severity ?
6.5 (Medium)
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PCI-SIG | PCI Express Integrity and Data Encryption (PCIe IDE) Specification |
Affected:
0 , < 6.5-Rev7.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T20:09:17.808849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T20:09:20.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "6.5-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "7.1-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to unintended data access across trusted domains, compromising confidentiality and integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:18:57.364Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://pcisig.com/specifications"
},
{
"url": "https://pcisig.com/PCIeIDEStandardVulnerabilities"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-9614",
"x_generator": {
"engine": "VINCE 3.0.30",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-9614"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-9614",
"datePublished": "2025-12-09T18:48:36.950Z",
"dateReserved": "2025-08-28T15:44:38.469Z",
"dateUpdated": "2025-12-10T20:09:20.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9612 (GCVE-0-2025-9612)
Vulnerability from cvelistv5 – Published: 2025-12-09 18:44 – Updated: 2025-12-11 14:57
VLAI?
Summary
An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical attackers on the PCIe bus to violate data integrity protections.
Severity ?
5.1 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PCI-SIG | PCI Express Integrity and Data Encryption (PCIe IDE) Specification |
Affected:
0 , < 7.1-Rev7.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T14:57:05.743440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T14:57:09.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://kb.cert.org/vuls/id/404544"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "7.1-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "PCI Express Integrity and Data Encryption (PCIe IDE) Specification",
"vendor": "PCI-SIG",
"versions": [
{
"lessThan": "6.5-Rev7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical attackers on the PCIe bus to violate data integrity protections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-404: Improper Resource Shutdown or Release",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:17:42.005Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://pcisig.com/specifications"
},
{
"url": "https://pcisig.com/PCIeIDEStandardVulnerabilities"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2025-9612",
"x_generator": {
"engine": "VINCE 3.0.30",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-9612"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-9612",
"datePublished": "2025-12-09T18:44:59.620Z",
"dateReserved": "2025-08-28T15:44:11.594Z",
"dateUpdated": "2025-12-11T14:57:09.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}