AWS Updates - 2025-11-07

AWS Security Bulletins

CVE-2025-12829 - Integer Overflow issue in Amazon Ion-C

• Link: https://aws.amazon.com/security/security-bulletins/rss/aws-2025-027/
• Published: 2025-11-07

Bulletin ID: AWS-2025-027
Scope: Amazon
Content Type: Important (requires attention)
Publication Date: 2025/11/7 10:15 AM PDT

Description:

Amazon's Ion-C is a library for the C language that is used to read and write Amazon Ion data.

We Identified CVE-2025-12829, which describes an uninitialized stack read issue in Ion-C versions < v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences.

Impacted versions: < v1.1.4