An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not receive further updates.
History

Fri, 10 Oct 2025 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Amazon
Amazon ion
Vendors & Products Amazon
Amazon ion

Thu, 09 Oct 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 09 Oct 2025 18:15:00 +0000


Thu, 09 Oct 2025 18:00:00 +0000

Type Values Removed Values Added
Description An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not receive further updates.
Title Denial of Service issue in Amazon.IonDotnet
Weaknesses CWE-1286
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: AMZN

Published:

Updated: 2025-10-09T19:34:39.743Z

Reserved: 2025-10-09T17:32:12.383Z

Link: CVE-2025-11573

cve-icon Vulnrichment

Updated: 2025-10-09T19:34:36.875Z

cve-icon NVD

Status : Received

Published: 2025-10-09T18:15:49.543

Modified: 2025-10-09T18:15:49.543

Link: CVE-2025-11573

cve-icon Redhat

No data.