CVE-2025-3857: Infinite loop condition in Amazon.IonDotnet
Amazon.IonDotnet (ion-dotnet) is a .NET library with an implementation of the Ion data serialization format.
An issue exists in the RawBinaryReader class of Amazon.IonDotnet where, under certain conditions, an actor could trigger an infinite loop condition.
References
- aws.amazon.com/security/security-bulletins/AWS-2025-009
- github.com/advisories/GHSA-gm2p-wf5c-w3pj
- github.com/amazon-ion/ion-dotnet
- github.com/amazon-ion/ion-dotnet/commit/34a4f5215eceac1bb7bf434c4f2310d64d1b703b
- github.com/amazon-ion/ion-dotnet/security/advisories/GHSA-gm2p-wf5c-w3pj
- nvd.nist.gov/vuln/detail/CVE-2025-3857
Detect and mitigate CVE-2025-3857 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.