Login Sign Up

CVE-2022-50925

9.8 CRITICAL

📋 TL;DR

CVE-2022-50925 is a remote keystroke injection vulnerability in Prowise Reflect version 1.0.9 that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, potentially opening applications and typing arbitrary text. This affects users running the vulnerable version of Prowise Reflect software.

💻 Affected Systems

Products:
  • Prowise Reflect
Versions: Version 1.0.9
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration with WebSocket enabled on port 8082.

📦 What is this software?

Reflect by Prowise

View all CVEs affecting Reflect →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via remote code execution by opening malicious applications and executing commands through keystroke injection.

🟠

Likely Case

Unauthorized application access, data theft, or system manipulation through injected keystrokes.

🟢

If Mitigated

Limited impact if WebSocket access is blocked or software is patched.

🌐 Internet-Facing: HIGH - WebSocket on port 8082 is remotely accessible, allowing exploitation from the internet.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows keystroke injection attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB, requiring only web browser access to malicious page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.0.10 or later

Vendor Advisory: https://www.prowise.com/

Restart Required: Yes

Instructions:

1. Download latest version from Prowise website. 2. Uninstall current version. 3. Install updated version. 4. Restart system.

🔧 Temporary Workarounds

Block WebSocket Port

all

Block access to port 8082 using firewall rules to prevent WebSocket communication.

sudo iptables -A INPUT -p tcp --dport 8082 -j DROP
netsh advfirewall firewall add rule name="Block Prowise WS" dir=in action=block protocol=TCP localport=8082

Disable WebSocket Service

all

Disable or stop the Prowise Reflect WebSocket service.

sudo systemctl stop prowisereflect
sc stop "Prowise Reflect"

🧯 If You Can't Patch

  • Network segmentation: Isolate systems running Prowise Reflect from untrusted networks.
  • Application control: Restrict which applications can be launched via keystroke injection.

🔍 How to Verify

Check if Vulnerable:

Check if Prowise Reflect version 1.0.9 is installed and port 8082 is listening: netstat -an | findstr 8082 or ss -tlnp | grep 8082

Check Version:

Check application about dialog or installed programs list for version number.

Verify Fix Applied:

Verify version is 1.0.10 or later and port 8082 is no longer exposed or properly secured.

📡 Detection & Monitoring

Log Indicators:

  • Unusual WebSocket connections on port 8082
  • Unexpected application launches

Network Indicators:

  • WebSocket traffic to port 8082 from external sources
  • Malformed WebSocket messages

SIEM Query:

source_port=8082 AND protocol=websocket AND (src_ip NOT IN internal_range)

📊 Metadata

CVE ID: CVE-2022-50925
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-346
EPSS Score: 0.03% exploit probability (6.2th percentile)
Published: January 13, 2026
Last Updated: January 30, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50925, you might also want to check these:

CVE-2023-25366 9.8

This vulnerability in Siglent SDS oscilloscopes allows attackers to retrieve the web interface passw...

Same vulnerability type (CWE-346)
CVE-2024-8487 9.8

This CVE describes a Cross-Origin Resource Sharing (CORS) misconfiguration in modelscope/agentscope ...

Same vulnerability type (CWE-346)
CVE-2026-2790 9.8

This CVE describes a same-origin policy bypass vulnerability in Firefox's JAR (Java Archive) network...

Same vulnerability type (CWE-346)