VDB
CVE-2025-3857
CVE-2025-3857
PUBLISHED
CVSS 8.699999809265137 HIGH
Infinite loop condition in Amazon.IonDotnet
EPSS 0.10% · 26.4th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.10%
26.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Amazon Ion Dotnet | 0 |
| NuGet | Amazon.IonDotnet | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-3857 (circl-sighting)
- CIRCL seen: CVE-2025-3857 (circl-sighting)
- CIRCL seen: CVE-2025-3857 (circl-sighting)
- CIRCL seen: CVE-2025-3857 (circl-sighting)
- CIRCL seen: CVE-2025-3857 (circl-sighting)
- https://aws.amazon.com/security/security-bulletins/AWS-2025-009/ (circl)
- https://github.com/amazon-ion/ion-dotnet/security/advisories/GHSA-gm2p-wf5c-w3pj (circl)
- https://github.com/amazon-ion/ion-dotnet/releases/tag/v1.3.1 (circl)
Timeline
- Apr 21, 2025 CVE Published
- Apr 21, 2025 Coalition ESS Score
- Apr 21, 2025 PoC Published
- Apr 22, 2025 EPSS Score
- Apr 22, 2025 PoC Published
- Apr 23, 2025 Coalition ESS Score
- Apr 24, 2025 PoC Published
- May 4, 2025 EPSS Score
- May 16, 2025 EPSS Score
- May 29, 2025 EPSS Score
- Jun 10, 2025 EPSS Score
- Jun 22, 2025 EPSS Score
References
- https://aws.amazon.com/security/security-bulletins/AWS-2025-009/ vendor-advisory
- https://github.com/amazon-ion/ion-dotnet/security/advisories/GHSA-gm2p-wf5c-w3pj third-party-advisory
- https://github.com/amazon-ion/ion-dotnet/releases/tag/v1.3.1 patch
- https://nvd.nist.gov/vuln/detail/CVE-2025-3857 advisory
- https://github.com/amazon-ion/ion-dotnet/commit/34a4f5215eceac1bb7bf434c4f2310d64d1b703b url
- https://aws.amazon.com/security/security-bulletins/AWS-2025-009 url
- https://github.com/amazon-ion/ion-dotnet package