CVE-2025-9613 Overview
CVE-2025-9613 affects the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification maintained by PCI-SIG. The specification provides insufficient guidance on tag reuse after completion timeouts. This gap permits multiple outstanding Non-Posted Requests to share the same tag identifier. When tag aliasing occurs, completions may be routed to the wrong security context. The result is potential compromise of data integrity and confidentiality across isolated PCIe streams.
Critical Impact
Tag aliasing in PCIe IDE can deliver completion transactions to the wrong security context, breaking the confidentiality and integrity guarantees the IDE specification is designed to enforce between trusted device streams.
Affected Products
- PCI-SIG PCI Express Integrity and Data Encryption (IDE) specification
- Implementations of the PCIe IDE standard in root complexes and endpoint devices
- Systems relying on IDE stream isolation for confidential computing workloads
Discovery Timeline
- 2025-12-09 - CVE-2025-9613 published to the National Vulnerability Database
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2025-9613
Vulnerability Analysis
PCIe IDE protects Transaction Layer Packets (TLPs) between two endpoints using cryptographic integrity and encryption. Non-Posted Requests such as memory reads require matching completions returned by the responder. Each request carries a tag that binds the completion back to the originator's outstanding request context. The specification does not clearly define how a requester should treat a tag after a completion timeout expires. A requester may reuse a timed-out tag while the original request is still in flight downstream. When the delayed completion eventually arrives, the receiving logic cannot distinguish between the stale response and the response to the new request bearing the same tag.
Root Cause
The root cause is a specification-level gap classified under [NVD-CWE-noinfo]. The IDE specification lacks binding rules that tie a tag exclusively to a single outstanding request until the transaction fully retires. Without a mandatory quiescence or invalidation step after a completion timeout, implementations may legally reuse tags that remain live on the fabric.
Attack Vector
Exploitation requires an attacker able to influence PCIe traffic timing on the network-reachable fabric so that completion timeouts trigger predictably. The attacker does not need privileges or user interaction. By inducing timeouts on targeted Non-Posted Requests, the attacker can cause completions belonging to one IDE-protected security context to be consumed by another. This produces cross-context data leakage or corruption of data delivered to trusted device streams. No public proof-of-concept or exploitation activity is reported, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
Detection Methods for CVE-2025-9613
Indicators of Compromise
- Elevated PCIe completion timeout counters on IDE-protected streams, particularly on links carrying confidential compute workloads
- Unexpected IDE integrity check failures or MAC verification errors logged by the root complex
- Anomalous rates of tag reuse events reported by PCIe analyzer captures on affected links
Detection Strategies
- Instrument PCIe root complex telemetry to correlate completion timeouts with subsequent tag reuse on the same requester ID
- Review vendor firmware and platform logs for IDE stream errors, replay counter anomalies, or unexpected key rotation events
- Use hardware PCIe protocol analyzers in lab validation to confirm that endpoint implementations quiesce tags after timeouts
Monitoring Recommendations
- Track IDE stream error counters exposed through platform management interfaces and alert on sustained increases
- Baseline expected completion timeout rates per device class and flag deviations for investigation
- Monitor vendor advisories from silicon and platform suppliers for firmware updates addressing IDE tag management
How to Mitigate CVE-2025-9613
Immediate Actions Required
- Inventory systems that rely on PCIe IDE for confidential computing, GPU attestation, or trusted device isolation
- Contact silicon and platform vendors to confirm whether their IDE implementations are affected and request remediation timelines
- Restrict physical and administrative access to systems exposing IDE-protected PCIe links until vendor updates are applied
Patch Information
PCI-SIG has published guidance on the affected specification behavior. Refer to the PCI-SIG Vulnerabilities Overview for the authoritative advisory and to the PCI-SIG Specifications Document for updated specification language. Remediation depends on firmware and hardware updates from device and platform vendors that implement the revised tag management rules.
Workarounds
- Disable PCIe IDE where the feature is not required for the workload, reverting to alternative isolation controls
- Reduce completion timeout windows only where vendor guidance confirms it does not increase aliasing risk
- Segregate sensitive workloads onto platforms with confirmed remediated IDE implementations
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

