CVE-2025-43713
Description
ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-level rights, exploits can be crafted to achieve escalation of privilege and arbitrary code execution. This affects DataGate for SQL Server 17.0.36.0 and 16.0.89.0, DataGate Component Suite 17.0.36.0 and 16.0.89.0, DataGate Monitor 17.0.26.0 and 16.0.65.0, DataGate WebPak 17.0.37.0 and 16.0.90.0, Monarch for .NET 11.4.50.0 and 10.0.62.0, Encore RPG 4.1.36.0, Visual RPG .NET FW 17.0.37.0 and 16.0.90.0, Visual RPG .NET FW Windows Deployment 17.0.36.0 and 16.0.89.0, WingsRPG 11.0.38.0 and 10.0.95.0, Mobile RPG 11.0.35.0 and 10.0.94.0, Monarch Framework for .NET FW 11.0.36.0 and 10.0.89.0, Browser Terminal 17.0.37.0 and 16.0.90.0, Visual RPG Classic 5.2.7.0 and 5.1.17.0, Visual RPG Deployment 5.2.7.0 and 5.1.17.0, and DataGate Studio 17.0.38.0 and 16.0.104.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ASNA Assist and Registrar services contain .NET remoting deserialization flaws allowing SYSTEM-level privilege escalation.
Vulnerability
Details CVE-2025-43713 involves a deserialization vulnerability in the .NET remoting implementation used by ASNA Assist and ASNA Registrar Windows services. These services are used for license key management and deprecated Windows network authentication. The issue stems from insecure deserialization of .NET remoting objects, a well-known attack vector that can be exploited without authentication, provided the attacker has network access to the affected services [2].
Exploitation
An attacker with network access to a machine running a vulnerable ASNA service can send crafted .NET remoting messages to trigger deserialization of malicious objects. Because the services run with SYSTEM-level privileges, successful exploitation can lead to remote code execution and escalation of privilege. No user interaction is required, and the attack can be performed over the network [2].
Impact
Successful exploitation allows an attacker to execute arbitrary code with SYSTEM privileges, fully compromising the affected Windows system. The vulnerability affects a wide range of ASNA products, including DataGate for SQL Server, DataGate Component Suite, DataGate Monitor, DataGate WebPak, Monarch for .NET, Encore RPG, Visual RPG, WingsRPG, Mobile RPG, Monarch Framework, Browser Terminal, Visual RPG Classic, Visual RPG Deployment, and DataGate Studio, across multiple versions [2].
Mitigation
ASNA has released updated versions of all affected products that remove the vulnerable .NET remoting services. Users are strongly advised to upgrade to the latest versions immediately. There is no workaround; upgrading is the only way to remediate the vulnerability. While no known public exploits have been reported, the risk is significant due to the SYSTEM-level access achievable [2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <2025-03-31
- Range: <2025-03-31
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.