Vulnerability in Pci-sig Pci Express Integrity And Data Encryption (Pcie Ide) Specification

CVE-2025-9612

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or re…

EPSS: 0.001 (2.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

References

Frequently asked questions

What is CVE-2025-9612?
CVE-2025-9612 is a medium-severity vulnerability in Pci-sig Pci Express Integrity And Data Encryption (Pcie Ide) Specification, classified under CWE-404: IMPROPER RESOURCE SHUTDOWN OR RELEASE. CVSS score: 5.1/10. Published 2025-12-09.
How severe is CVE-2025-9612?
Medium severity. CVSS v3 base score is 5.1 out of 10.