AWS Updates - 2025-10-09

AWS Security Bulletins

CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet

• Link: https://aws.amazon.com/security/security-bulletins/rss/aws-2025-022/
• Published: 2025-10-09

Bulletin ID: AWS-2025-022
Scope: Amazon
Content Type: Important (requires attention)
Publication Date: 2025/10/09 11:00 PM PDT

Description:

Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data.

We identified CVE-2025-11573, which describes an infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 that may allow a threat actor to cause a denial of service through a specially crafted text input. As of August 20, 2025, this library has been deprecated and will not receive further updates.

Affected versions:

<1.3.2