CVE-2022-50925
Published: 13 January 2026
Summary
CVE-2022-50925 is a high-severity Origin Validation Error (CWE-346) vulnerability in Prowise Reflect. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 25.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-15 (Collaborative Computing Devices and Applications) and SC-41 (Port and I/O Device Access).
Deeper analysis
Prowise Reflect version 1.0.9 is affected by CVE-2022-50925, a remote keystroke injection vulnerability. The flaw stems from an exposed WebSocket endpoint on port 8082 that allows attackers to send keyboard events. By crafting specific WebSocket messages, adversaries can inject keystrokes remotely, enabling actions such as opening applications and typing arbitrary text. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-346.
Any remote attacker can exploit this vulnerability without authentication or user interaction, as it requires only network access to the WebSocket on port 8082. Exploitation involves creating a malicious web page that connects to the target device and sends crafted messages mimicking keyboard inputs. Successful attacks grant attackers full control over the victim's machine, potentially leading to execution of commands, data exfiltration, or deployment of malware through injected keystrokes.
Advisories from VulnCheck and Exploit-DB document the issue, including a proof-of-concept exploit available at https://www.exploit-db.com/exploits/50796. The vendor site at https://www.prowise.com/ is referenced, though the available sources give no specific patch details. Practitioners should isolate or firewall port 8082 and monitor for anomalous WebSocket traffic until mitigation is confirmed.
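One way to act on the monitoring advice above, as an added example that is not part of the original advisory or any vendor tooling: it flags WebSocket upgrade requests to port 8082 that come from an untrusted source or carry a missing or unexpected Origin header. The trusted network, the allowed Origin host and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

REFLECT_PORT = 8082  # port named on this page
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8")]  # assumption: loopback only
ALLOWED_ORIGIN_HOSTS = {"reflect.example.internal"}  # placeholder, not a real vendor host

def parse_upgrade(raw):
    """Return lowercase headers if raw is a WebSocket upgrade request, else None."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    if not lines[0].startswith("GET "):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if headers.get("upgrade", "").lower() != "websocket":
        return None
    if "upgrade" not in headers.get("connection", "").lower():
        return None
    return headers

def findings(src_ip, dst_port, raw):
    """Return alert reasons for one observed request (empty list = nothing to report)."""
    headers = parse_upgrade(raw) if dst_port == REFLECT_PORT else None
    if headers is None:
        return []
    reasons = []
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in TRUSTED_NETS):
        reasons.append("untrusted-source")
    origin = headers.get("origin")
    if origin is None:  # browsers always send Origin, so this is a non-browser client
        reasons.append("missing-origin")
    elif (urlsplit(origin).hostname or "") not in ALLOWED_ORIGIN_HOSTS:
        reasons.append("cross-origin")  # a web page from another site opened the socket
    return reasons

def sample_request(origin=None):
    # Constructed handshake head for testing; not captured from a real device.
    head = ["GET / HTTP/1.1", "Host: 192.0.2.10:8082", "Upgrade: websocket",
            "Connection: keep-alive, Upgrade", "Sec-WebSocket-Version: 13"]
    if origin:
        head.append("Origin: " + origin)
    return ("\r\n".join(head) + "\r\n\r\n").encode()

if __name__ == "__main__":
    print(findings("127.0.0.1", 8082, sample_request("https://unrelated.example")))
```

The loopback case matters: a page loaded in a local browser connects from 127.0.0.1, so source filtering alone misses it and the Origin check is what raises the alert.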
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2615
Vulnerability details
Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Exposed unauthenticated WebSocket enables remote exploitation of public-facing app (T1190); keystroke injection directly facilitates command execution via shell (T1059.003).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly prohibits unauthorized remote activation of collaborative computing mechanisms like the exposed WebSocket used for keystroke injection.
Monitors and controls communications at system boundaries to block unauthorized network access to the vulnerable WebSocket on port 8082.
Restricts access to specific ports like 8082 and I/O interfaces exploited for remote keystroke injection.