CVE-2025-9612

MEDIUM EPSS 2.7%
Published Dec 9, 20256mo ago · Modified Jun 17, 20261w ago
5.1 CVSS 3.1
Medium
Find Similar
Published Dec 9, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago

Description

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical attackers on the PCIe bus to violate data integrity protections.

CVSS Details

Base Score
5.1
Exploitability
2.5
Impact
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
2.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Affected Products 1

VendorProductVersionRange
pcisigpci_express_integrity_and_data_encryption*any

References 3

  • kb.cert.org https://kb.cert.org/vuls/id/404544
    Third Party Advisory
  • pcisig.com https://pcisig.com/PCIeIDEStandardVulnerabilities
    Vendor Advisory
  • pcisig.com https://pcisig.com/specifications
    Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.