CVE-2025-9614

medium

Description

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to unintended data access across trusted domains, compromising confidentiality and integrity.

References

References
More

https://www.securityweek.com/intel-amd-processors-affected-by-pcie-vulnerabilities/

https://thehackernews.com/2025/12/three-pcie-encryption-weaknesses-expose.html

https://pcisig.com/specifications

https://pcisig.com/PCIeIDEStandardVulnerabilities

Details

Source: Mitre, NVD

Published: 2025-12-09

Updated: 2025-12-12

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00005