
CVE-2025-11573: CWE-1286: Improper Validation of Syntactic Correctness of Input in Amazon Amazon.IonDotnet

Severity: High
Published: Thu Oct 09 2025 (10/09/2025, 17:48:13 UTC)
Source: CVE Database V5
Vendor/Project: Amazon
Product: Amazon.IonDotnet

Description

An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not receive further updates.

AI-Powered Analysis

Last updated: 10/09/2025, 18:22:54 UTC

Technical Analysis

CVE-2025-11573 identifies a vulnerability in Amazon.IonDotnet, a .NET library for processing the Amazon Ion data format. The issue stems from improper validation of the syntactic correctness of input (CWE-1286), which can cause the library to enter an infinite loop when parsing specially crafted text input. The infinite loop results in a denial of service condition by exhausting CPU resources, potentially affecting the availability of services that rely on this library. The vulnerability affects all versions prior to 1.3.2, which was released to address this flaw. The CVSS 4.0 vector indicates that the attack can be performed remotely over the network without privileges, authentication, or user interaction, making it highly exploitable. Despite the severity, no public exploits have been reported yet. Amazon deprecated the IonDotnet library as of August 2025, meaning no further patches will be provided beyond 1.3.2. Organizations still using this library must upgrade to the fixed version or migrate to alternative solutions. The vulnerability is particularly relevant for applications that process untrusted Ion data, such as cloud services, data analytics platforms, or microservice architectures that use Amazon Ion for data serialization.

Potential Impact

For European organizations, the primary impact is denial of service, which can disrupt critical business applications and cloud services that rely on Amazon.IonDotnet for data processing. This can lead to service outages, degraded performance, and potential cascading failures in dependent systems. Industries with high reliance on .NET frameworks and Amazon Web Services (AWS) infrastructure, such as finance, telecommunications, and government sectors, may experience operational interruptions. The lack of authentication or user interaction requirements increases the risk of automated exploitation attempts from external attackers. Additionally, since the library is deprecated, organizations face challenges in long-term support and must plan migration strategies to avoid future vulnerabilities. The impact extends to data integrity indirectly, as service disruptions can affect data processing pipelines and availability of critical information.

Mitigation Recommendations

1. Immediately upgrade to Amazon.IonDotnet version 1.3.2 to patch the infinite loop vulnerability.
2. Since the library is deprecated, plan and execute migration to supported alternatives or newer data serialization libraries that provide similar functionality with active maintenance.
3. Implement strict input validation and sanitization on all Ion data inputs before processing to detect and reject malformed or suspicious payloads.
4. Deploy rate limiting and anomaly detection mechanisms on services consuming Ion data to identify and block potential denial of service attempts.
5. Monitor application logs and performance metrics for signs of infinite loops or resource exhaustion related to Ion data parsing.
6. Conduct code audits and penetration testing focusing on data deserialization components to uncover similar weaknesses.
7. Engage with vendors and cloud providers to understand their mitigation strategies and support timelines for deprecated components.
8. Establish incident response plans specifically addressing denial of service scenarios caused by malformed inputs.


Technical Details

Data Version
5.1
Assigner Short Name
AMZN
Date Reserved
2025-10-09T17:32:12.383Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68e7fa08ba0e608b4fa8ce46

Added to database: 10/9/2025, 6:08:08 PM

Last enriched: 10/9/2025, 6:22:54 PM

Last updated: 10/10/2025, 10:14:34 AM
