CVE-2025-43713
Essential information
- Published
- 03/07/2025 14:15
- Modified
- 03/07/2025 15:13
- Author
- —
- Creator
- —
- CVSS
- 6.5 MEDIUM (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- LOW
- Integrity impact
- LOW
- Availability impact
- NONE
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-level rights, exploits can be crafted to achieve escalation of privilege and arbitrary code execution. This affects DataGate for SQL Server 17.0.36.0 and 16.0.89.0, DataGate Component Suite 17.0.36.0 and 16.0.89.0, DataGate Monitor 17.0.26.0 and 16.0.65.0, DataGate WebPak 17.0.37.0 and 16.0.90.0, Monarch for .NET 11.4.50.0 and 10.0.62.0, Encore RPG 4.1.36.0, Visual RPG .NET FW 17.0.37.0 and 16.0.90.0, Visual RPG .NET FW Windows Deployment 17.0.36.0 and 16.0.89.0, WingsRPG 11.0.38.0 and 10.0.95.0, Mobile RPG 11.0.35.0 and 10.0.94.0, Monarch Framework for .NET FW 11.0.36.0 and 10.0.89.0, Browser Terminal 17.0.37.0 and 16.0.90.0, Visual RPG Classic 5.2.7.0 and 5.1.17.0, Visual RPG Deployment 5.2.7.0 and 5.1.17.0, and DataGate Studio 17.0.38.0 and 16.0.104.0.
NVD status
- Status
- Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| asna / datagate for sql server | cpe:2.3:a:asna:datagate_for_sql_server:17.0.36.0:*:*:*:*:*:*:* |
| asna / datagate for sql server | cpe:2.3:a:asna:datagate_for_sql_server:16.0.89.0:*:*:*:*:*:*:* |
| asna / datagate component suite | cpe:2.3:a:asna:datagate_component_suite:17.0.36.0:*:*:*:*:*:*:* |
| asna / datagate component suite | cpe:2.3:a:asna:datagate_component_suite:16.0.89.0:*:*:*:*:*:*:* |
| asna / datagate monitor | cpe:2.3:a:asna:datagate_monitor:17.0.26.0:*:*:*:*:*:*:* |
| asna / datagate monitor | cpe:2.3:a:asna:datagate_monitor:16.0.65.0:*:*:*:*:*:*:* |
| asna / datagate webpak | cpe:2.3:a:asna:datagate_webpak:17.0.37.0:*:*:*:*:*:*:* |
| asna / datagate webpak | cpe:2.3:a:asna:datagate_webpak:16.0.90.0:*:*:*:*:*:*:* |
| asna / monarch for net | cpe:2.3:a:asna:monarch_for_net:11.4.50.0:*:*:*:*:*:*:* |
| asna / monarch for net | cpe:2.3:a:asna:monarch_for_net:10.0.62.0:*:*:*:*:*:*:* |
| asna / encore rpg | cpe:2.3:a:asna:encore_rpg:4.1.36.0:*:*:*:*:*:*:* |
| asna / visual rpg net fw | cpe:2.3:a:asna:visual_rpg_net_fw:17.0.37.0:*:*:*:*:*:*:* |
| asna / visual rpg net fw | cpe:2.3:a:asna:visual_rpg_net_fw:16.0.90.0:*:*:*:*:*:*:* |
| asna / wingsrpg | cpe:2.3:a:asna:wingsrpg:11.0.38.0:*:*:*:*:*:*:* |
| asna / wingsrpg | cpe:2.3:a:asna:wingsrpg:10.0.95.0:*:*:*:*:*:*:* |
| asna / mobile rpg | cpe:2.3:a:asna:mobile_rpg:11.0.35.0:*:*:*:*:*:*:* |
| asna / mobile rpg | cpe:2.3:a:asna:mobile_rpg:10.0.94.0:*:*:*:*:*:*:* |
| asna / monarch framework for net fw | cpe:2.3:a:asna:monarch_framework_for_net_fw:11.0.36.0:*:*:*:*:*:*:* |
| asna / monarch framework for net fw | cpe:2.3:a:asna:monarch_framework_for_net_fw:10.0.89.0:*:*:*:*:*:*:* |
| asna / browser terminal | cpe:2.3:a:asna:browser_terminal:17.0.37.0:*:*:*:*:*:*:* |
| asna / browser terminal | cpe:2.3:a:asna:browser_terminal:16.0.90.0:*:*:*:*:*:*:* |
| asna / visual rpg classic | cpe:2.3:a:asna:visual_rpg_classic:5.2.7.0:*:*:*:*:*:*:* |
| asna / visual rpg classic | cpe:2.3:a:asna:visual_rpg_classic:5.1.17.0:*:*:*:*:*:*:* |
| asna / visual rpg deployment | cpe:2.3:a:asna:visual_rpg_deployment:5.2.7.0:*:*:*:*:*:*:* |
| asna / visual rpg deployment | cpe:2.3:a:asna:visual_rpg_deployment:5.1.17.0:*:*:*:*:*:*:* |
| asna / datagate studio | cpe:2.3:a:asna:datagate_studio:17.0.38.0:*:*:*:*:*:*:* |
| asna / datagate studio | cpe:2.3:a:asna:datagate_studio:16.0.104.0:*:*:*:*:*:*:* |