CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet

unknownCVE-2025-11573
Bulletin ID: AWS-2025-022 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/10/09 11:00 PM PDT Description: Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. We identified CVE-2025-11573, which describes an infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 that may allow a threat actor to cause a denial of service through a specially crafted text input. As of August 20, 2025, this library has been deprecated and will not receive further updates. Affected versions: <1.3.2

CSIRTS triage

What
An infinite loop issue may allow denial of service through crafted input.
Who is affected
Users of Amazon.IonDotnet library versions earlier than 1.3.2.
Urgency
Remediation is urgent due to the potential for denial of service.
Action
Upgrade to version 1.3.2 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Amazon.IonDotnet

Get an email when a new Amazon.IonDotnet advisory drops — max one per day, one-click unsubscribe.

Details

Source
AWS Security Bulletins (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-06-05
Exploitation
Not in CISA KEV at last sync

Original advisory: https://aws.amazon.com/security/security-bulletins/rss/aws-2025-022/

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2025-11573coverage & exploitation statusNVD · CVE.org

Recent advisories for - Denial of

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from AWS Security Bulletins