Amazon.IonDotnet, a .NET library for Ion data serialization, had a vulnerability (CVE-2025-3857). The vulnerability caused an infinite loop during deserialization of malformed binary Ion data. This infinite loop resulted in a denial-of-service condition. The affected version was 1.3.0 and earlier. Version 1.3.1 includes a patch for this vulnerability. Users are advised to upgrade to version 1.3.1 immediately. Forks and derivative code also require patching. Symbotic collaborated on the vulnerability disclosure. The issue is a denial-of-service vulnerability, not a data breach. Contact [email protected] for security concerns.