Vulnerability in Pci-sig Pci Express Integrity And Data Encryption (Pcie Ide) Specification
CVE-2025-9612
An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or re…
EPSS: 0.001 (2.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.
Affected products
References
- cret@cert.org (Product)
- cret@cert.org (Vendor Advisory)
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Third Party Advisory)
Frequently asked questions
- What is CVE-2025-9612?
- CVE-2025-9612 is a medium-severity vulnerability in Pci-sig Pci Express Integrity And Data Encryption (Pcie Ide) Specification, classified under CWE-404: IMPROPER RESOURCE SHUTDOWN OR RELEASE. CVSS score: 5.1/10. Published 2025-12-09.
- How severe is CVE-2025-9612?
- Medium severity. CVSS v3 base score is 5.1 out of 10.