Vulnerability cyber

PaperCut NG/MF

Jul 29, 2025 1 min read
PaperCut NG/MF

CISA warns of a high-severity vulnerability in PaperCut NG/MF print management software that allows threat actors to gain remote code execution through cross-site request forgery (CSRF) attacks. The flaw, tracked as CVE-2023-2533, was patched in June 2023. Successful exploitation requires tricking an admin into clicking a maliciously crafted link. The vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog, mandating federal agencies to patch systems by August 18. CISA encourages all organizations to prioritize patching. Shadowserver tracks over 1,100 exposed PaperCut servers, though not all are vulnerable to CVE-2023-2533. Previous vulnerabilities (CVE–2023–27350 and CVE–2023–27351) were exploited by ransomware gangs, including LockBit and Clop, and Iranian state-backed groups.

Source: https://www.bleepingcomputer.com/news/security/cisa-flags-papercut-rce-bug-as-exploited-in-attacks-patch-now/

TPRM report: https://scoringcyber.rankiteo.com/company/papercut-software

"id": "pap906072925",
"linkid": "papercut-software",
"type": "Vulnerability",
"date": "7/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Print Management Software',
                        'name': 'PaperCut',
                        'size': '100 million users across 70,000 organizations',
                        'type': 'Software Developer'}],
 'attack_vector': 'Cross-Site Request Forgery (CSRF)',
 'description': 'CISA warns that threat actors are exploiting a high-severity '
                'vulnerability in PaperCut NG/MF print management software, '
                'which can allow them to gain remote code execution in '
                'cross-site request forgery (CSRF) attacks. The software '
                'developer says that more than 100 million users use its '
                'products across over 70,000 organizations worldwide. The '
                'security flaw (tracked as CVE-2023-2533 and patched in June '
                '2023) can allow an attacker to alter security settings or '
                'execute arbitrary code if the target is an admin with a '
                'current login session, and successful exploitation typically '
                'requires tricking an admin into clicking a maliciously '
                'crafted link.',
 'initial_access_broker': {'entry_point': 'CVE-2023-2533'},
 'motivation': 'Remote Code Execution',
 'post_incident_analysis': {'corrective_actions': 'Patching the vulnerability',
                            'root_causes': 'High-severity vulnerability in '
                                           'PaperCut NG/MF software'},
 'recommendations': 'Prioritize patching this actively exploited security bug '
                    'as soon as possible.',
 'references': [{'source': 'CISA'}],
 'response': {'remediation_measures': 'Patching the vulnerability'},
 'title': 'Exploitation of High-Severity Vulnerability in PaperCut NG/MF '
          'Software',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2023-2533'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.