📦

reflect

Vendor: macrium

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 1 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.07% Exploit Prob.

Latest CVE CVE-2022-50925 Jan 13

Security Vulnerability Index

Page 1 / 1

8.6 CVSS

CVE-2022-50925

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.

EPSS: 0.04%

Severity: HIGH

Jan 13, 2026

7.8 CVSS

CVE-2023-43896

RCE

A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code.

EPSS: 0.09%

Severity: HIGH

Oct 10, 2023

7.8 CVSS

CVE-2020-10143

Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

EPSS: 0.08%

Severity: HIGH

Dec 09, 2020

Displaying 3 of 2 Total Entries

Total 1 Sections