CVE-2022-41945 MEDIUM

CVE-2022-41945: Remote Code Execution (RCE) vulnerability in super-xray via URL input

Vendor 4Ra1N
Product super-xray
Weakness CWE-94 · Code injection
Published November 21, 2022
Last update April 22, 2025

CVSS base score

6.5/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

super-xray is a GUI launcher for the xray vulnerability scanner. In version 0.1-beta, the URL is not filtered and is spliced directly into the command, which can result in remote code execution (RCE). Users should upgrade to super-xray 0.2-beta.
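The weakness class described above (CWE-94 via a URL spliced into a command string), shown next to a hardened form. This is an added example, not super-xray's code: the `./xray webscan --url` command line, the function names and the sample URL are assumptions made for illustration, and nothing is executed.

```python
import shlex
from urllib.parse import urlsplit

SCANNER = "./xray"  # assumed binary path, not taken from the project


def spliced_command(url):
    """Vulnerable pattern: the URL is concatenated into a shell command line."""
    return f"{SCANNER} webscan --url {url}"


def shell_view(cmdline):
    """Approximate how a POSIX shell separates a line into commands (nothing is run)."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    commands, current = [], []
    for token in lex:
        if token and all(ch in "();<>|&" for ch in token):  # shell operator
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return [c for c in commands if c]


def safe_argv(url):
    """Hardened pattern: validate the URL, then build an argv list (no shell)."""
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise ValueError("whitespace or control character in URL")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only absolute http(s) URLs are accepted")
    # Hand this list to subprocess.run(argv, shell=False): the URL stays one argument.
    return [SCANNER, "webscan", "--url", url]


if __name__ == "__main__":
    crafted = "http://a.example/;echo INJECTED"  # constructed sample input
    print("shell sees:", shell_view(spliced_command(crafted)))
    print("argv form :", safe_argv("http://a.example/a;b"))
```

The scheme check also rejects values that begin with `-`, so a URL field cannot be used to smuggle an extra option to the scanner.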

Key dates

02 Disclosure timeline

November 21, 2022 CVE published
April 22, 2025 Record updated