Infinite Loop Vulnerability in Amazon.IonDotnet Library
CVE-2025-11573

8.7HIGH

Key Information:

Vendor

Amazon

Status
Amazon.iondotnet
Vendor
CVE Published:
9 October 2025

What is CVE-2025-11573?

The Amazon.IonDotnet library prior to version 1.3.2 is susceptible to a denial of service due to an infinite loop bug triggered by specifically crafted input. Attackers can exploit this flaw by submitting malicious text, leading to uninterrupted operation of the application that utilizes this library. Immediate upgrades to version 1.3.2 is essential for users to safeguard their systems. As of August 20, 2025, the library has been marked for deprecation, indicating that no further updates will be provided. It is crucial for users to address this vulnerability by implementing the recommended updates.

Affected Version(s)

Amazon.IonDotnet 0 < 1.3.2

References

https://github.com/amazon-ion/ion-dotnet/releases/tag/v1.3.2
patchproduct
https://aws.amazon.com/security/security-bulletins/AWS-20...
vendor-advisory
https://github.com/amazon-ion/ion-dotnet/security/advisor...
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-11573 : Infinite Loop Vulnerability in Amazon.IonDotnet Library