CVE-2025-9614 | THREATINT

Description

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to unintended data access across trusted domains, compromising confidentiality and integrity.

PUBLISHED Reserved 2025-08-28 | Published 2025-12-09 | Updated 2025-12-10 | Assigner certcc

Problem types

CWE-354: Improper Validation of Integrity Check Value

Product status

Any version before 6.5-Rev7.0

affected

Any version before 7.1-Rev7.0

affected

References

pcisig.com/specifications

pcisig.com/PCIeIDEStandardVulnerabilities

cve.org (CVE-2025-9614)

nvd.nist.gov (CVE-2025-9614)

Download JSON