CVE-2025-43713

Name of the Vulnerable Software and Affected Versions: ASNA Assist versions prior to 2025-03-31 ASNA Registrar versions prior to 2025-03-31 DataGate for SQL Server versions 17.0.36.0 and 16.0.89.0 DataGate Component Suite versions 17.0.36.0 and 16.0.89.0 DataGate Monitor versions 17.0.26.0 and 16.0.65.0 DataGate WebPak versions 17.0.37.0 and 16.0.90.0 Monarch for .NET versions 11.4.50.0 and 10.0.62.0 Encore RPG version 4.1.36.0 Visual RPG .NET FW versions 17.0.37.0 and 16.0.90.0 Visual RPG .NET FW Windows Deployment versions 17.0.36.0 and 16.0.89.0 WingsRPG versions 11.0.38.0 and 10.0.95.0 Mobile RPG versions 11.0.35.0 and 10.0.94.0 Monarch Framework for .NET FW versions 11.0.36.0 and 10.0.89.0 Browser Terminal versions 17.0.37.0 and 16.0.90.0 Visual RPG Classic versions 5.2.7.0 and 5.1.17.0 Visual RPG Deployment versions 5.2.7.0 and 5.1.17.0 DataGate Studio versions 17.0.38.0 and 16.0.104.0

Description: The issue allows deserialization attacks against .NET remoting in Windows system services that support license key management and deprecated Windows network authentication. These services can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-level rights, exploits can be crafted to achieve escalation of privilege and arbitrary code execution.

Recommendations: For ASNA Assist and ASNA Registrar, update to a version released after 2025-03-31. For DataGate for SQL Server versions 17.0.36.0 and 16.0.89.0, update to a version released after 2025-03-31. For DataGate Component Suite versions 17.0.36.0 and 16.0.89.0, update to a version released after 2025-03-31. For DataGate Monitor versions 17.0.26.0 and 16.0.65.0, update to a version released after 2025-03-31. For DataGate WebPak versions 17.0.37.0 and 16.0.90.0, update to a version released after 2025-03-31. For Monarch for .NET versions 11.4.50.0 and 10.0.62.0, update to a version released after 2025-03-31. For Encore RPG version 4.1.36.0, update to a version released after 2025-03-31. For Visual RPG .NET FW versions 17.0.37.0 and 16.0.90.0, update to a version released after 2025-03-31. For Visual RPG .NET FW Windows Deployment versions 17.0.36.0 and 16.0.89.0, update to a version released after 2025-03-31. For WingsRPG versions 11.0.38.0 and 10.0.95.0, update to a version released after 2025-03-31. For Mobile RPG versions 11.0.35.0 and 10.0.94.0, update to a version released after 2025-03-31. For Monarch Framework for .NET FW versions 11.0.36.0 and 10.0.89.0, update to a version released after 2025-03-31. For Browser Terminal versions 17.0.37.0 and 16.0.90.0, update to a version released after 2025-03-31. For Visual RPG Classic versions 5.2.7.0 and 5.1.17.0, update to a version released after 2025-03-31. For Visual RPG Deployment versions 5.2.7.0 and 5.1.17.0, update to a version released after 2025-03-31. For DataGate Studio versions 17.0.38.0 and 16.0.104.0, update to a version released after 2025-03-31.