CVE-2025-11573: Amazon.IonDotnet is vulnerable to Denial of Service attacks
Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. An issue exists where, under certain circumstances, the library could enter an infinite loop, resulting in denial of service. As of August 20, 2025, this library has been deprecated and will not receive further updates.
References
- aws.amazon.com/security/security-bulletins/AWS-2025-022
- github.com/advisories/GHSA-q5r6-9qwq-g2wj
- github.com/amazon-ion/ion-dotnet
- github.com/amazon-ion/ion-dotnet/commit/edaff75fe5abbb71e647bed812c608c0c5e2fbab
- github.com/amazon-ion/ion-dotnet/pull/160
- github.com/amazon-ion/ion-dotnet/releases/tag/v1.3.2
- github.com/amazon-ion/ion-dotnet/security/advisories/GHSA-q5r6-9qwq-g2wj
- nvd.nist.gov/vuln/detail/CVE-2025-11573