CVE-2023-2533

Published Jun 20, 2023

Last updated 20 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2023-2533 is a Cross-Site Request Forgery (CSRF) vulnerability affecting PaperCut NG/MF print management solutions. It stems from a security flaw that could allow attackers to manipulate system configurations and potentially gain unauthorized access to organizational networks. Under specific conditions, this vulnerability could enable an attacker to alter security settings or execute arbitrary code. Exploitation typically involves deceiving an administrator with an active login session into clicking a specially crafted, malicious link, potentially leading to unauthorized changes. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that it is being actively exploited in the wild.

Description
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.
Source
help@fluidattacks.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
Exploit added on
Jul 28, 2025
Exploit action due
Aug 18, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

help@fluidattacks.com
CWE-352
nvd@nist.gov
CWE-352

Social media

Hype score
Not currently trending
  1. 🚨CVE Alert: PaperCut MF/NG Remote code execution vulnerability via CSRF Exploited In The Wild🚨 Vulnerability Details: CVE-2023-2533(8.4/10) PaperCut MF/NG Remote code execution vulnerability Impact: A successful exploit may allow an attacker to perform unauthorized actio

    @CyberxtronTech

    30 Jul 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨Alert🚨 :CVE-2023-2533 : A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF 🔥EXP :https://t.co/4KtpK7WtVT 📊3M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/HVDHt10A2y 👇Query HUNTER : htt

    @HunterMapping

    30 Jul 2025

    2677 Impressions

    10 Retweets

    55 Likes

    19 Bookmarks

    0 Replies

    0 Quotes

  3. PaperCutの脆弱性CVE-2023-2533が悪用される危険性について https://t.co/mlovo4ez0d #Security #セキュリティ #ニュース

    @SecureShield_

    30 Jul 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Security Alert for Schools, Government Offices, and Businesses: A critical vulnerability in PaperCut NG/MF (CVE-2023-2533) is being actively exploited by ransomware gangs and state actors, allowing remote code execution and network breaches. We're diving into the details, h

    @Harborcoattech

    29 Jul 2025

    20735 Impressions

    3 Retweets

    9 Likes

    2 Bookmarks

    3 Replies

    0 Quotes

  5. CISA flags PaperCut RCE bug as exploited in attacks, patch now! CISA warns that threat actors are actively exploiting CVE-2023-2533, a high-severity vulnerability in PaperCut NG/MF print management software, which enables remote code execution via CSRF if an admin clicks a http

    @dCypherIO

    29 Jul 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCutNG/MF CVE-2023-2533 #2025 #Infosec #BT https://t.co/M1azorYXEB https://t.co/tDYJZGomD7

    @brierandthorn

    29 Jul 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. La Agencia de Seguridad de Infraestructura y Ciberseguridad de Estados Unidos #CISA agregó el lunes una vulnerabilidad de seguridad de alta gravedad que afecta al software de gestión de impresión PaperCutNG/MF. CVE-2023-2533 #2025 #Infosec #BT https://t.co/eXj6AG8Uzx

    @BrierandThornMX

    29 Jul 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation. Tracked as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) bug that could result in remote code execution. https://t.co/AixmExGPws https://t.co/6Yc5V34bdy

    @riskigy

    29 Jul 2025

    78 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. csirt_it: ‼ #PaperCut: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2023-2533 relativa a PaperCutNG/MF Rischio: 🟡 Tipologia 🔸 Remote Code Execution 🔸 Tampering 🔗 https://t.co/RfUDsDW5cQ ⚠ Importante aggiornare i prodotti inte… https://t.c

    @Vulcanux_

    29 Jul 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. ‼ #PaperCut: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2023-2533 relativa a PaperCutNG/MF Rischio: 🟡 Tipologia 🔸 Remote Code Execution 🔸 Tampering 🔗 https://t.co/uFmNCVBYu3 ⚠ Importante aggiornare i prodotti interessati https://t.co/WFyn

    @csirt_it

    29 Jul 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CISA has identified a high-severity vulnerability (CVE-2023-2533) in PaperCut NG/MF software, allowing remote code execution via CSRF attacks. Over 100 million users are affected. https://t.co/sFRkH1lHx9

    @securityRSS

    29 Jul 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CISA added a severe vulnerability (CVE-2023-2533, CVSS 8.4) in PaperCutNG/MF software to its KEV catalog, citing active exploitation. This cross-site request forgery (CSRF) bug poses significant security risks.

    @thatsmokepit

    29 Jul 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. PaperCut NG/MF vulnerability (CVE-2023-2533) actively exploited; patch immediately! CISA added to KEV catalog. #CyberSecurity #Vulnerability #TheHackerNews ~ Post By @0xarchit AI Agent

    @ArcNewsAi

    29 Jul 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 CISA Flags PaperCut NG/MF Vulnerability CVE-2023-2533 added to KEV list — CSRF flaw actively exploited for remote code execution. 🔗 Read More: https://t.co/kndmsi4wVf #CyberSecurity #CISA #PaperCut #CVE20232533 #Ransomware #KEV #TechPIO #ZeroTrust https://t.co/KAT1gxh

    @techpio_team

    29 Jul 2025

    111 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. A critical CSRF vulnerability (CVE-2023-2533) in PaperCut NG/MF is actively exploited, risking remote code execution. Threat actors like LockBit and Iranian groups may target affected systems. #PaperCut #CISA #Iran https://t.co/as7iQwrpyM

    @TweetThreatNews

    29 Jul 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 📌 أضافت وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) ثغرة أمنية عالية الخطورة في برنامج إدارة الطباعة PaperCutNG/MF إلى سجل الثغرات المستغلة المعروفة

    @Cybercachear

    29 Jul 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 CISA just confirmed active exploitation of a critical PaperCut bug (CVE-2023-2533) — attackers can hijack admin sessions to run code remotely. It’s being used by ransomware gangs right now. Patch before August 18 or risk breach. Full details → https://t.co/WFS5Kh3c1

    @TheHackersNews

    29 Jul 2025

    15888 Impressions

    47 Retweets

    114 Likes

    14 Bookmarks

    3 Replies

    2 Quotes

  18. PaperCutのRCE脆弱性CVE-2023-2533の影響と対策 https://t.co/7iW1iJadYV #Security #セキュリティ #ニュース

    @SecureShield_

    29 Jul 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 CISA alerta sobre explotación activa de la vulnerabilidad CVE-2023-2533 en PaperCut NG/MF. Permite RCE vía CSRF. Parchea antes del 18 de agosto. #PaperCut #CISA #SISAPNew https://t.co/ja1ViTFYWs

    @SISAP_LATAM

    28 Jul 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CISA alerts that CVE-2023-2533 in PaperCut NG/MF is being exploited via CSRF, risking remote code execution. Over 100M users across 70,000+ organizations, including US federal agencies, are impacted. #PatchNow #US #PrintSecurity https://t.co/35rrxNqeIy

    @TweetThreatNews

    28 Jul 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CISA warns of acute exploitation of PaperCut NG - CVE-2023-2533 PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability We've added a PaperCut NG decoy into the free decoys, go deploy yours now 👉https://t.co/GXFaqggV8a https://t.co/oeBApvFpRE

    @DefusedCyber

    28 Jul 2025

    2327 Impressions

    3 Retweets

    6 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  22. CISA warns of acute exploitation of PaperCut NG - CVE-2023-2533 PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability We've added a PaperCut NG decoy into the free decoys, go deploy yours now @DefusedCyber https://t.co/MyjtCk0Ozg

    @SimoKohonen

    28 Jul 2025

    428 Impressions

    1 Retweet

    6 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. 🛡️ We added PaperCut and Cisco vulnerabilities CVE-2023-2533, CVE-2025-20281, & CVE-2025-20337 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.c

    @CISACyber

    28 Jul 2025

    400 Impressions

    1 Retweet

    5 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

Configurations