CVE-2025-11573 HIGH

CVE-2025-11573: Denial of Service issue in Amazon.IonDotnet

Vendor Amazon
Product Amazon.IonDotnet
Weakness CWE-1286
Published October 9, 2025
Last update October 9, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not receive further updates.

Key dates

02Disclosure timeline

October 9, 2025 CVE published
October 9, 2025 Record updated