CVE-2025-11573

HIGH

Nuget Amazon.iondotnet < 1.3.2 - Denial of Service

Title source: rule

Description

An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not receive further updates.

References (3)

[Vendor Advisory] https://github.com/amazon-ion/ion-dotnet/security/advisories/GHSA-q5r6-9qwq-g2wj

[Release Notes] https://github.com/amazon-ion/ion-dotnet/releases/tag/v1.3.2

[Various Sources] https://aws.amazon.com/security/security-bulletins/AWS-2025-022/

Scores

CVSS v3 7.5

EPSS 0.0012

EPSS Percentile 30.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1286

Status published

Products (2)

Amazon/Amazon.IonDotnet < 1.3.2

nuget/Amazon.IonDotnet 0 - 1.3.2NuGet

Published Oct 09, 2025

Tracked Since Feb 18, 2026