Cyber Posture

CVE-2022-50925

Critical · Public PoC

Published: 13 January 2026

Modified: 30 January 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (8.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-50925 is a critical-severity Origin Validation Error (CWE-346) vulnerability in Prowise Reflect. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks at the 8.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-15 (Collaborative Computing Devices and Applications) and SC-41 (Port and I/O Device Access).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly prohibits unauthorized remote activation of collaborative computing mechanisms like the exposed WebSocket used for keystroke injection.

prevent

Monitors and controls communications at system boundaries to block unauthorized network access to the vulnerable WebSocket on port 8082.

prevent

Restricts access to specific ports like 8082 and I/O interfaces exploited for remote keystroke injection.

NVD Description

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.

Deeper analysis · AI

Prowise Reflect version 1.0.9 is affected by CVE-2022-50925, a remote keystroke injection vulnerability. The flaw stems from an exposed WebSocket endpoint on port 8082 that allows attackers to send keyboard events. By crafting specific WebSocket messages, adversaries can inject keystrokes remotely, enabling actions such as opening applications and typing arbitrary text. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-346.

Any remote attacker can exploit this vulnerability without authentication or user interaction, as it requires only network access to the WebSocket on port 8082. Exploitation involves creating a malicious web page that connects to the target device and sends crafted messages mimicking keyboard inputs. Successful attacks grant attackers full control over the victim's machine, potentially leading to execution of commands, data exfiltration, or deployment of malware through injected keystrokes.

Advisories from VulnCheck and Exploit-DB document the issue, including a proof-of-concept exploit available at https://www.exploit-db.com/exploits/50796. The vendor site at https://www.prowise.com/ is referenced, though specific patch details are not provided in the available sources. Practitioners should isolate or firewall port 8082 and monitor for anomalous WebSocket traffic until mitigation is confirmed.
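
The CWE-346 weakness described above means a WebSocket handshake is accepted no matter which web page initiated it. The following is an added example, not code from the advisory or from Prowise Reflect, showing the server-side Origin allow-list check such a listener needs; the allowed origin, the host address and the sample requests are constructed assumptions.

```javascript
// Added illustration: Origin allow-list check for a WebSocket upgrade request.
// ALLOWED_ORIGINS and the sample requests are constructed; nothing here is
// taken from Prowise Reflect itself.
const ALLOWED_ORIGINS = new Set(["https://control.example.internal"]);

// Parse the header block of a raw HTTP request into a lower-cased map.
function parseHeaders(rawRequest) {
  const headers = new Map();
  const lines = rawRequest.split("\r\n").slice(1); // skip the request line
  for (const line of lines) {
    if (line === "") break; // end of header block
    const idx = line.indexOf(":");
    if (idx <= 0) continue;
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    // Record duplicates so a repeated Origin header can be rejected.
    headers.set(name, headers.has(name) ? [...headers.get(name), value] : [value]);
  }
  return headers;
}

// Decide whether a WebSocket handshake may proceed.
function checkUpgrade(rawRequest, allowed = ALLOWED_ORIGINS) {
  const h = parseHeaders(rawRequest);
  const upgrade = (h.get("upgrade") || [""])[0].toLowerCase();
  if (upgrade !== "websocket") return { accept: false, reason: "not-websocket" };
  const origins = h.get("origin") || [];
  if (origins.length === 0) return { accept: false, reason: "missing-origin" };
  if (origins.length > 1) return { accept: false, reason: "duplicate-origin" };
  let parsed;
  try { parsed = new URL(origins[0]); } catch { return { accept: false, reason: "bad-origin" }; }
  // Compare the normalized origin exactly; prefix or suffix matching would let
  // look-alike hosts such as control.example.internal.evil.test through.
  if (!allowed.has(parsed.origin)) return { accept: false, reason: "origin-not-allowed" };
  return { accept: true, reason: "ok" };
}

// Constructed sample handshakes against a listener on port 8082.
const req = (origin) =>
  "GET / HTTP/1.1\r\nHost: 192.0.2.10:8082\r\nUpgrade: websocket\r\n" +
  "Connection: Upgrade\r\n" + (origin ? `Origin: ${origin}\r\n` : "") + "\r\n";

for (const o of ["https://control.example.internal", "https://attacker.example", "null", ""]) {
  console.log(JSON.stringify(o), checkUpgrade(req(o)));
}
```

An Origin check only constrains browsers, which set the header themselves; a non-browser client can send any Origin value, so restricting network access to port 8082 remains necessary.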

Details

CWE(s)

Affected Products

prowise reflect 1.0.9

CVEs Like This One

CVE-2026-41342 (Shared CWE-346)
CVE-2022-50975 (Shared CWE-346)
CVE-2025-7659 (Shared CWE-346)
CVE-2026-34359 (Shared CWE-346)
CVE-2026-41057 (Shared CWE-346)
CVE-2026-23552 (Shared CWE-346)
CVE-2026-26861 (Shared CWE-346)
CVE-2026-22794 (Shared CWE-346)
CVE-2024-57965 (Shared CWE-346)
CVE-2026-34373 (Shared CWE-346)
