CVE-2025-9614

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to unintended data access across trusted domains, compromising confidentiality and integrity.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://pcisig.com/PCIeIDEStandardVulnerabilities	Vendor Advisory
https://pcisig.com/specifications	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:pcisig:pci_express_integrity_and_data_encryption:-:*:*:*:*:*:*:*

History

14 Jan 2026, 17:44

Type	Values Removed	Values Added
First Time		Pcisig Pcisig pci Express Integrity And Data Encryption
CPE		cpe:2.3:a:pcisig:pci_express_integrity_and_data_encryption:-:::::::*
CWE		NVD-CWE-noinfo
References	~~() https://pcisig.com/PCIeIDEStandardVulnerabilities -~~	() https://pcisig.com/PCIeIDEStandardVulnerabilities - Vendor Advisory
References	~~() https://pcisig.com/specifications -~~	() https://pcisig.com/specifications - Product

10 Dec 2025, 21:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

09 Dec 2025, 20:15

Type	Values Removed	Values Added
References		() https://pcisig.com/PCIeIDEStandardVulnerabilities -

09 Dec 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-09 19:15

Updated : 2026-01-14 17:44

NVD link : CVE-2025-9614

Mitre link : CVE-2025-9614

CVE.ORG link : CVE-2025-9614

JSON object : View

Products Affected

pcisig

pci_express_integrity_and_data_encryption

CWE

NVD-CWE-noinfo

6.5 /10