CVE-2025-43713

July 3, 2025, 3:13 p.m.

6.5
Medium

Description

ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-level rights, exploits can be crafted to achieve escalation of privilege and arbitrary code execution. This affects DataGate for SQL Server 17.0.36.0 and 16.0.89.0, DataGate Component Suite 17.0.36.0 and 16.0.89.0, DataGate Monitor 17.0.26.0 and 16.0.65.0, DataGate WebPak 17.0.37.0 and 16.0.90.0, Monarch for .NET 11.4.50.0 and 10.0.62.0, Encore RPG 4.1.36.0, Visual RPG .NET FW 17.0.37.0 and 16.0.90.0, Visual RPG .NET FW Windows Deployment 17.0.36.0 and 16.0.89.0, WingsRPG 11.0.38.0 and 10.0.95.0, Mobile RPG 11.0.35.0 and 10.0.94.0, Monarch Framework for .NET FW 11.0.36.0 and 10.0.89.0, Browser Terminal 17.0.37.0 and 16.0.90.0, Visual RPG Classic 5.2.7.0 and 5.1.17.0, Visual RPG Deployment 5.2.7.0 and 5.1.17.0, and DataGate Studio 17.0.38.0 and 16.0.104.0.

Product(s) Impacted

Vendor: Asna

Product: Versions
  • Datagate For Sql Server: 17.0.36.0, 16.0.89.0
  • Datagate Component Suite: 17.0.36.0, 16.0.89.0
  • Datagate Monitor: 17.0.26.0, 16.0.65.0
  • Datagate Webpak: 17.0.37.0, 16.0.90.0
  • Monarch For Net: 11.4.50.0, 10.0.62.0
  • Encore Rpg: 4.1.36.0
  • Visual Rpg Net Fw: 17.0.37.0, 16.0.90.0
  • Wingsrpg: 11.0.38.0, 10.0.95.0
  • Mobile Rpg: 11.0.35.0, 10.0.94.0
  • Monarch Framework For Net Fw: 11.0.36.0, 10.0.89.0
  • Browser Terminal: 17.0.37.0, 16.0.90.0
  • Visual Rpg Classic: 5.2.7.0, 5.1.17.0
  • Visual Rpg Deployment: 5.2.7.0, 5.1.17.0
  • Datagate Studio: 17.0.38.0, 16.0.104.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a asna datagate_for_sql_server 17.0.36.0 / / / / / / /
a asna datagate_for_sql_server 16.0.89.0 / / / / / / /
a asna datagate_component_suite 17.0.36.0 / / / / / / /
a asna datagate_component_suite 16.0.89.0 / / / / / / /
a asna datagate_monitor 17.0.26.0 / / / / / / /
a asna datagate_monitor 16.0.65.0 / / / / / / /
a asna datagate_webpak 17.0.37.0 / / / / / / /
a asna datagate_webpak 16.0.90.0 / / / / / / /
a asna monarch_for_net 11.4.50.0 / / / / / / /
a asna monarch_for_net 10.0.62.0 / / / / / / /
a asna encore_rpg 4.1.36.0 / / / / / / /
a asna visual_rpg_net_fw 17.0.37.0 / / / / / / /
a asna visual_rpg_net_fw 16.0.90.0 / / / / / / /
a asna wingsrpg 11.0.38.0 / / / / / / /
a asna wingsrpg 10.0.95.0 / / / / / / /
a asna mobile_rpg 11.0.35.0 / / / / / / /
a asna mobile_rpg 10.0.94.0 / / / / / / /
a asna monarch_framework_for_net_fw 11.0.36.0 / / / / / / /
a asna monarch_framework_for_net_fw 10.0.89.0 / / / / / / /
a asna browser_terminal 17.0.37.0 / / / / / / /
a asna browser_terminal 16.0.90.0 / / / / / / /
a asna visual_rpg_classic 5.2.7.0 / / / / / / /
a asna visual_rpg_classic 5.1.17.0 / / / / / / /
a asna visual_rpg_deployment 5.2.7.0 / / / / / / /
a asna visual_rpg_deployment 5.1.17.0 / / / / / / /
a asna datagate_studio 17.0.38.0 / / / / / / /
a asna datagate_studio 16.0.104.0 / / / / / / /

CVSS Score

6.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: NONE
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Timeline

Published: July 3, 2025, 2:15 p.m.
Last Modified: July 3, 2025, 3:13 p.m.

Status: Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.