CVE-2022-50925

CRITICAL

Prowise Reflect <1.0.9 - Code Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50925. PoCs published by Rik Lutz.

AI-analyzed exploit summary: This exploit demonstrates a remote keystroke injection vulnerability in Prowise Reflect v1.0.9 via WebSocket communication on port 8082. It simulates keyboard input to open Notepad and type a message, leveraging a lack of input validation in the WebSocket handler.

Description

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.

Exploits (1)

exploitdb · WORKING POC
by Rik Lutz · html · remote · windows
https://www.exploit-db.com/exploits/50796

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Prowise Reflect v1.0.9
No auth needed
Prerequisites: Prowise Reflect v1.0.9 running on Windows · WebSocket connection to localhost:8082 · User interaction to trigger exploit
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 9.8
EPSS: 0.0003
EPSS Percentile: 10.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-346
Status: published
Products (2): Prowise/Prowise Reflect V1.0.9 · prowise/reflect 1.0.9
Published: Jan 13, 2026
Tracked Since: Feb 18, 2026