Uninitialized Stack Read Vulnerability in Amazon Ion-C by AWS
CVE-2025-12829

6.9 MEDIUM

Key Information:

Vendor: Amazon

Status
Vendor
CVE Published: 7 November 2025

What is CVE-2025-12829?

An uninitialized stack read vulnerability has been identified in Amazon Ion-C versions prior to v1.1.4. An attacker could craft malicious data that, when serialized to Ion text, may expose sensitive information stored in memory. The flaw is reached through UTF-8 escape sequences. Users are strongly advised to upgrade to v1.1.4 or later, which contains the fix.

Affected Version(s)

Ion-C versions prior to 1.1.4

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
