CVE-2022-31199CISA KEVEPSS p98.3%

CVE-2022-31199Netwrix Auditor Insecure Object Deserialization Vulnerability

Netwrix / Auditor

Description

Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP, which is commonly blocked by standard enterprise firewalling.

Scoring

EPSS36.40% probability of exploitation · percentile 98.3% · 2026-06-19T12:03:05Z

CISA KEV entry

Added to KEV: 2023-07-11

(incoming)1

TypeTargetConfidenceTier
KEVEntryNetwrix Auditor Insecure Object Deserialization Vulnerabilitykev-cve-2022-311990%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Citrix Session Recording Deserialization of Untrusted Data Vulnerability
CVE
Citrix Session Recording Improper Privilege Management Vulnerability
CVE
Novi Survey Insecure Deserialization Vulnerability
CVE
CVE-2025-58384
CVE
CVE-2026-40368
CVE
CVE-2025-42963
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.