216.73.217.64

CVE-2025-43713

· Published 03/07/2025 14:15 · Modified 03/07/2025 15:13

Labels: CVE-2025-43713 2025-07-03CVE-2025-43713CWE-502[email protected]

Essential information

Published
03/07/2025 14:15
Modified
03/07/2025 15:13
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-level rights, exploits can be crafted to achieve escalation of privilege and arbitrary code execution. This affects DataGate for SQL Server 17.0.36.0 and 16.0.89.0, DataGate Component Suite 17.0.36.0 and 16.0.89.0, DataGate Monitor 17.0.26.0 and 16.0.65.0, DataGate WebPak 17.0.37.0 and 16.0.90.0, Monarch for .NET 11.4.50.0 and 10.0.62.0, Encore RPG 4.1.36.0, Visual RPG .NET FW 17.0.37.0 and 16.0.90.0, Visual RPG .NET FW Windows Deployment 17.0.36.0 and 16.0.89.0, WingsRPG 11.0.38.0 and 10.0.95.0, Mobile RPG 11.0.35.0 and 10.0.94.0, Monarch Framework for .NET FW 11.0.36.0 and 10.0.89.0, Browser Terminal 17.0.37.0 and 16.0.90.0, Visual RPG Classic 5.2.7.0 and 5.1.17.0, Visual RPG Deployment 5.2.7.0 and 5.1.17.0, and DataGate Studio 17.0.38.0 and 16.0.104.0.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
asna / datagate for sql server cpe:2.3:a:asna:datagate_for_sql_server:17.0.36.0:*:*:*:*:*:*:*
asna / datagate for sql server cpe:2.3:a:asna:datagate_for_sql_server:16.0.89.0:*:*:*:*:*:*:*
asna / datagate component suite cpe:2.3:a:asna:datagate_component_suite:17.0.36.0:*:*:*:*:*:*:*
asna / datagate component suite cpe:2.3:a:asna:datagate_component_suite:16.0.89.0:*:*:*:*:*:*:*
asna / datagate monitor cpe:2.3:a:asna:datagate_monitor:17.0.26.0:*:*:*:*:*:*:*
asna / datagate monitor cpe:2.3:a:asna:datagate_monitor:16.0.65.0:*:*:*:*:*:*:*
asna / datagate webpak cpe:2.3:a:asna:datagate_webpak:17.0.37.0:*:*:*:*:*:*:*
asna / datagate webpak cpe:2.3:a:asna:datagate_webpak:16.0.90.0:*:*:*:*:*:*:*
asna / monarch for net cpe:2.3:a:asna:monarch_for_net:11.4.50.0:*:*:*:*:*:*:*
asna / monarch for net cpe:2.3:a:asna:monarch_for_net:10.0.62.0:*:*:*:*:*:*:*
asna / encore rpg cpe:2.3:a:asna:encore_rpg:4.1.36.0:*:*:*:*:*:*:*
asna / visual rpg net fw cpe:2.3:a:asna:visual_rpg_net_fw:17.0.37.0:*:*:*:*:*:*:*
asna / visual rpg net fw cpe:2.3:a:asna:visual_rpg_net_fw:16.0.90.0:*:*:*:*:*:*:*
asna / wingsrpg cpe:2.3:a:asna:wingsrpg:11.0.38.0:*:*:*:*:*:*:*
asna / wingsrpg cpe:2.3:a:asna:wingsrpg:10.0.95.0:*:*:*:*:*:*:*
asna / mobile rpg cpe:2.3:a:asna:mobile_rpg:11.0.35.0:*:*:*:*:*:*:*
asna / mobile rpg cpe:2.3:a:asna:mobile_rpg:10.0.94.0:*:*:*:*:*:*:*
asna / monarch framework for net fw cpe:2.3:a:asna:monarch_framework_for_net_fw:11.0.36.0:*:*:*:*:*:*:*
asna / monarch framework for net fw cpe:2.3:a:asna:monarch_framework_for_net_fw:10.0.89.0:*:*:*:*:*:*:*
asna / browser terminal cpe:2.3:a:asna:browser_terminal:17.0.37.0:*:*:*:*:*:*:*
asna / browser terminal cpe:2.3:a:asna:browser_terminal:16.0.90.0:*:*:*:*:*:*:*
asna / visual rpg classic cpe:2.3:a:asna:visual_rpg_classic:5.2.7.0:*:*:*:*:*:*:*
asna / visual rpg classic cpe:2.3:a:asna:visual_rpg_classic:5.1.17.0:*:*:*:*:*:*:*
asna / visual rpg deployment cpe:2.3:a:asna:visual_rpg_deployment:5.2.7.0:*:*:*:*:*:*:*
asna / visual rpg deployment cpe:2.3:a:asna:visual_rpg_deployment:5.1.17.0:*:*:*:*:*:*:*
asna / datagate studio cpe:2.3:a:asna:datagate_studio:17.0.38.0:*:*:*:*:*:*:*
asna / datagate studio cpe:2.3:a:asna:datagate_studio:16.0.104.0:*:*:*:*:*:*:*

References