ASNA Knowledge Base
Technical references, how-tos, and trouble-shooting for ASNA products
ASNA Security Update FAQ
This is an IMPORTANT SECURITY UPDATE. Action is required to avoid an ASNA Windows Services vulnerability.
This is an important security notification regarding a vulnerability discovered in two ASNA Windows Services: ASNA Assist and ASNA Registrar. We have resolved this vulnerability with updated versions of all supported ASNA products.
Action required
New product versions are available for download today. We strongly recommend avoiding any chance of threat by upgrading the affected products as soon as possible.
Download updated products here.
Read about product requirements here.
ASNA Vulnerability FAQ
What is the vulnerability?
The issue is related to .NET remoting, which we’ve used for years for backwards compatibility with some of our older products. This vulnerability was be published by www.cve.org as CVE-2025-43713 and its CVE record is available here.
How quickly should I address this issue?
Immediately. While this vulnerability has existed for some time without reported exploitation, its existence is now confirmed. Under specific conditions, it could allow unauthorized access to a Windows machine. We strongly recommend you upgrade the ASNA products you use as soon as you can.
How was this vulnerability discovered?
The ASNA Assist and ASNA Registrar services have been in use for years and have never had a reported breach. However, the issue was recently reported after a customer’s deep security audit revealed the vulnerability. What, exactly, is the threat?
The vulnerability exists only on the network where Windows machines are running the affected ASNA Assist or ASNA Registrar services. The threat is present only when these vulnerable services are running and an untrusted user has Windows network access (e.g., via a malicious intruder or a disgruntled employee).
What products are affected?
This vulnerability affects only our Windows-based products. DataGate for IBM i is not affected. Our Visual RPG (for .NET and Classic), Wings, Mobile RPG, and DataGate for SQL Server are affected by this vulnerability and need to be updated.
How do I address this issue?
We’ve resolved this vulnerability with refreshed versions of all supported products. These new versions are available for download today. We strongly recommend that you avoid any chance of threat by upgrading the affected products as soon as possible.
I am using a retired version of one of your products, how does this affect me?
You’ll need to upgrade to a supported product version protected from vulnerability. Patches will not be provided for older retired products.
Do I need to recompile my projects?
No, you do not need to recompile, however you should test thoroughly to ensure that you are not using some odd old, aberrant behavior that has been fixed in the current versions that may affect your application .
Are there any short-term workarounds?
For some fat-client Windows applications, you can temporarily limit exposure. This involves enabling the ASNA Assist and ASNA Registrar services only for brief periods (e.g., to install a license key with the ASNA Registration Assistant) and then immediately disabling the services again.
ASP.NET Web applications, Web services, and Visual RPG developer work rely more consistently on these ASNA services, making this workaround unsuitable or impractical for those environments.
This work-around is not a permanent solution and still carries risk. We strongly recommend avoiding any chance of threat by upgrading the affected products.
If you have any questions, please contact ASNA Support at support@asna.com or call us in the US at 800-289-2762 or in Europe at +34 902 365 787 .
ASNA acknowledges and thanks Jonas Vestberg of Reversec Labs for his assistance reporting and resolving this issue.