CVE-2025-11573
HIGH
Amazon.IonDotnet < 1.3.2 - Denial of Service via Infinite Loop in Text Input Parser
Title source: llm
Description
An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not receive further updates.
References (3)
Core References
Vendor Advisory third-party-advisory
https://github.com/amazon-ion/ion-dotnet/security/advisories/GHSA-q5r6-9qwq-g2wj
Release Notes patch
product
https://github.com/amazon-ion/ion-dotnet/releases/tag/v1.3.2
Various Sources vendor-advisory
https://aws.amazon.com/security/security-bulletins/AWS-2025-022/
Scores
CVSS v3
7.5
EPSS
0.0039
EPSS Percentile
30.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-1286
Status
published
Products (2)
Amazon/Amazon.IonDotnet
< 1.3.2
nuget/Amazon.IonDotnet
0 - 1.3.2
NuGet
Published
Oct 09, 2025
Tracked Since
Feb 18, 2026