CVE-2025-9613

MEDIUM
Published Dec 9, 2025 Modified Jan 14, 2026

Description

A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completions being delivered to the wrong security context, potentially compromising data integrity and confidentiality.

CVSS v3.1 Score

6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

Vendor Product
pcisig pci_express_integrity_and_data_encryption

References

Frequently Asked Questions

What is CVE-2025-9613? +
A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completions being delivered to the wrong security context, potentially compromising data integrity and confidentiality. It has a CVSS v3.1 base score of 6.5 (MEDIUM).
How severe is CVE-2025-9613? +
CVE-2025-9613 has a CVSS v3.1 score of 6.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2025-9613? +
CVE-2025-9613 affects products from pcisig, specifically: pci_express_integrity_and_data_encryption. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-9613? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-9614 6.5

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying …
CVE-2025-9612 5.1

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-9613 — free, no signup required.

Start Free Scan