AI description
CVE-2023-2533 is a Cross-Site Request Forgery (CSRF) vulnerability affecting PaperCut NG/MF print management solutions. It stems from a security flaw that could allow attackers to manipulate system configurations and potentially gain unauthorized access to organizational networks. Under specific conditions, this vulnerability could enable an attacker to alter security settings or execute arbitrary code. Exploitation typically involves deceiving an administrator with an active login session into clicking a specially crafted, malicious link, potentially leading to unauthorized changes. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that it is being actively exploited in the wild.
- Description
- A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.
- Source
- help@fluidattacks.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
- Exploit added on
- Jul 28, 2025
- Exploit action due
- Aug 18, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
🚨CVE Alert: PaperCut MF/NG Remote code execution vulnerability via CSRF Exploited In The Wild🚨 Vulnerability Details: CVE-2023-2533(8.4/10) PaperCut MF/NG Remote code execution vulnerability Impact: A successful exploit may allow an attacker to perform unauthorized actio
@CyberxtronTech
30 Jul 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 :CVE-2023-2533 : A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF 🔥EXP :https://t.co/4KtpK7WtVT 📊3M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/HVDHt10A2y 👇Query HUNTER : htt
@HunterMapping
30 Jul 2025
2677 Impressions
10 Retweets
55 Likes
19 Bookmarks
0 Replies
0 Quotes
PaperCutの脆弱性CVE-2023-2533が悪用される危険性について https://t.co/mlovo4ez0d #Security #セキュリティ #ニュース
@SecureShield_
30 Jul 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert for Schools, Government Offices, and Businesses: A critical vulnerability in PaperCut NG/MF (CVE-2023-2533) is being actively exploited by ransomware gangs and state actors, allowing remote code execution and network breaches. We're diving into the details, h
@Harborcoattech
29 Jul 2025
20735 Impressions
3 Retweets
9 Likes
2 Bookmarks
3 Replies
0 Quotes
CISA flags PaperCut RCE bug as exploited in attacks, patch now! CISA warns that threat actors are actively exploiting CVE-2023-2533, a high-severity vulnerability in PaperCut NG/MF print management software, which enables remote code execution via CSRF if an admin clicks a http
@dCypherIO
29 Jul 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCutNG/MF CVE-2023-2533 #2025 #Infosec #BT https://t.co/M1azorYXEB https://t.co/tDYJZGomD7
@brierandthorn
29 Jul 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
La Agencia de Seguridad de Infraestructura y Ciberseguridad de Estados Unidos #CISA agregó el lunes una vulnerabilidad de seguridad de alta gravedad que afecta al software de gestión de impresión PaperCutNG/MF. CVE-2023-2533 #2025 #Infosec #BT https://t.co/eXj6AG8Uzx
@BrierandThornMX
29 Jul 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation. Tracked as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) bug that could result in remote code execution. https://t.co/AixmExGPws https://t.co/6Yc5V34bdy
@riskigy
29 Jul 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #PaperCut: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2023-2533 relativa a PaperCutNG/MF Rischio: 🟡 Tipologia 🔸 Remote Code Execution 🔸 Tampering 🔗 https://t.co/RfUDsDW5cQ ⚠ Importante aggiornare i prodotti inte… https://t.c
@Vulcanux_
29 Jul 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼ #PaperCut: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2023-2533 relativa a PaperCutNG/MF Rischio: 🟡 Tipologia 🔸 Remote Code Execution 🔸 Tampering 🔗 https://t.co/uFmNCVBYu3 ⚠ Importante aggiornare i prodotti interessati https://t.co/WFyn
@csirt_it
29 Jul 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has identified a high-severity vulnerability (CVE-2023-2533) in PaperCut NG/MF software, allowing remote code execution via CSRF attacks. Over 100 million users are affected. https://t.co/sFRkH1lHx9
@securityRSS
29 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added a severe vulnerability (CVE-2023-2533, CVSS 8.4) in PaperCutNG/MF software to its KEV catalog, citing active exploitation. This cross-site request forgery (CSRF) bug poses significant security risks.
@thatsmokepit
29 Jul 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PaperCut NG/MF vulnerability (CVE-2023-2533) actively exploited; patch immediately! CISA added to KEV catalog. #CyberSecurity #Vulnerability #TheHackerNews ~ Post By @0xarchit AI Agent
@ArcNewsAi
29 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Flags PaperCut NG/MF Vulnerability CVE-2023-2533 added to KEV list — CSRF flaw actively exploited for remote code execution. 🔗 Read More: https://t.co/kndmsi4wVf #CyberSecurity #CISA #PaperCut #CVE20232533 #Ransomware #KEV #TechPIO #ZeroTrust https://t.co/KAT1gxh
@techpio_team
29 Jul 2025
111 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical CSRF vulnerability (CVE-2023-2533) in PaperCut NG/MF is actively exploited, risking remote code execution. Threat actors like LockBit and Iranian groups may target affected systems. #PaperCut #CISA #Iran https://t.co/as7iQwrpyM
@TweetThreatNews
29 Jul 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 أضافت وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) ثغرة أمنية عالية الخطورة في برنامج إدارة الطباعة PaperCutNG/MF إلى سجل الثغرات المستغلة المعروفة
@Cybercachear
29 Jul 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA just confirmed active exploitation of a critical PaperCut bug (CVE-2023-2533) — attackers can hijack admin sessions to run code remotely. It’s being used by ransomware gangs right now. Patch before August 18 or risk breach. Full details → https://t.co/WFS5Kh3c1
@TheHackersNews
29 Jul 2025
15888 Impressions
47 Retweets
114 Likes
14 Bookmarks
3 Replies
2 Quotes
PaperCutのRCE脆弱性CVE-2023-2533の影響と対策 https://t.co/7iW1iJadYV #Security #セキュリティ #ニュース
@SecureShield_
29 Jul 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA alerta sobre explotación activa de la vulnerabilidad CVE-2023-2533 en PaperCut NG/MF. Permite RCE vía CSRF. Parchea antes del 18 de agosto. #PaperCut #CISA #SISAPNew https://t.co/ja1ViTFYWs
@SISAP_LATAM
28 Jul 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts that CVE-2023-2533 in PaperCut NG/MF is being exploited via CSRF, risking remote code execution. Over 100M users across 70,000+ organizations, including US federal agencies, are impacted. #PatchNow #US #PrintSecurity https://t.co/35rrxNqeIy
@TweetThreatNews
28 Jul 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns of acute exploitation of PaperCut NG - CVE-2023-2533 PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability We've added a PaperCut NG decoy into the free decoys, go deploy yours now 👉https://t.co/GXFaqggV8a https://t.co/oeBApvFpRE
@DefusedCyber
28 Jul 2025
2327 Impressions
3 Retweets
6 Likes
3 Bookmarks
0 Replies
0 Quotes
CISA warns of acute exploitation of PaperCut NG - CVE-2023-2533 PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability We've added a PaperCut NG decoy into the free decoys, go deploy yours now @DefusedCyber https://t.co/MyjtCk0Ozg
@SimoKohonen
28 Jul 2025
428 Impressions
1 Retweet
6 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ We added PaperCut and Cisco vulnerabilities CVE-2023-2533, CVE-2025-20281, & CVE-2025-20337 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.c
@CISACyber
28 Jul 2025
400 Impressions
1 Retweet
5 Likes
2 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C32F194D-D229-4694-B8AD-94BB7B427378",
"versionEndExcluding": "20.1.8"
},
{
"criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "373E06E9-6AAB-45D4-84FE-B12BB48086D7",
"versionEndExcluding": "21.2.12",
"versionStartIncluding": "21.0.0"
},
{
"criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B94F9EC5-EC1D-47CB-ABDA-90845C4485AA",
"versionEndExcluding": "22.1.1",
"versionStartIncluding": "22.0.0"
},
{
"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E79D1429-D66B-4A09-8375-B92D667D54A3",
"versionEndExcluding": "20.1.8"
},
{
"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBE00F06-73FB-4A8D-8C34-54517A08CA7A",
"versionEndExcluding": "21.2.12",
"versionStartIncluding": "21.0.0"
},
{
"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF6B8BA0-F12A-4CD7-8B99-58F7B32ED08E",
"versionEndIncluding": "22.1.1",
"versionStartIncluding": "22.0.0"
}
],
"operator": "OR"
}
]
}
]