CVE-2022-31199

CRITICAL 9.8

⚠️ CISA KEV

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors.

Vendor	n/a
Product	n/a
Published	Nov 8, 2022
Last Updated	Oct 21, 2025

⚠️ Actively Exploited — Act Now

Get instant alerts for n/a n/a

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2022-31199.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bishopfox.com: https://bishopfox.com/blog/netwrix-auditor-advisory cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-31199