CVE-2025-11573: 
C# vulnerability analysis and mitigation

An infinite loop issue was discovered in Amazon.IonDotnet library versions prior to v1.3.2. The vulnerability, identified as CVE-2025-11573, was disclosed on October 9, 2025, affecting the text parsing functionality of lobs and strings in the library (AWS Security Bulletin, GitHub Release).

The vulnerability is characterized by an infinite loop condition that occurs during the text parsing of lobs and strings in the Amazon.IonDotnet library. The issue has been assigned a CVSS v3.1 Base Score of 7.5, with the following vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This scoring indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, and primarily impacts system availability (CVSS Calculator).

The vulnerability can be exploited to cause a denial of service condition in applications using the affected versions of Amazon.IonDotnet. When successfully exploited, the infinite loop can lead to resource exhaustion, potentially making the affected service unavailable (AttackerKB).

Users are advised to upgrade to Amazon.IonDotnet version 1.3.2 or later, which contains the fix for this vulnerability. The patch addresses the infinite loop bugs in text parsing of lobs and strings (GitHub Release).