CVE-2023-2533

Published Jun 20, 2023

Last updated 19 days ago

Exploit knownCVSS high 8.4
PaperCut

Overview

Description
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.
Source
help@fluidattacks.com
NVD status
Analyzed
Products
papercut_mf, papercut_ng

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
Exploit added on
Jul 28, 2025
Exploit action due
Aug 18, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

help@fluidattacks.com
CWE-352
nvd@nist.gov
CWE-352

Social media

Hype score
Not currently trending

  1. CVE-2023-2533 PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.9 🫶 😮‍ https://t.co/95yTd7qMhN

    @GarriottL30473

    21 Aug 2025

    3 Impressions

    6 Retweets

    6 Likes

    0 Bookmarks

    9 Replies

    0 Quotes

  2. CVE-2023-2533 PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.

    @ZeroDayFacts

    21 Aug 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨CVE Alert: PaperCut MF/NG Remote code execution vulnerability via CSRF Exploited In The Wild🚨 Vulnerability Details: CVE-2023-2533(8.4/10) PaperCut MF/NG Remote code execution vulnerability Impact: A successful exploit may allow an attacker to perform unauthorized actio

    @CyberxtronTech

    30 Jul 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨Alert🚨 :CVE-2023-2533 : A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF 🔥EXP :https://t.co/4KtpK7WtVT 📊3M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/HVDHt10A2y 👇Query HUNTER : htt

    @HunterMapping

    30 Jul 2025

    2677 Impressions

    10 Retweets

    55 Likes

    19 Bookmarks

    0 Replies

    0 Quotes

  5. PaperCutの脆弱性CVE-2023-2533が悪用される危険性について https://t.co/mlovo4ez0d #Security #セキュリティ #ニュース

    @SecureShield_

    30 Jul 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Security Alert for Schools, Government Offices, and Businesses: A critical vulnerability in PaperCut NG/MF (CVE-2023-2533) is being actively exploited by ransomware gangs and state actors, allowing remote code execution and network breaches. We're diving into the details, h

    @Harborcoattech

    29 Jul 2025

    20735 Impressions

    3 Retweets

    9 Likes

    2 Bookmarks

    3 Replies

    0 Quotes

  7. CISA flags PaperCut RCE bug as exploited in attacks, patch now! CISA warns that threat actors are actively exploiting CVE-2023-2533, a high-severity vulnerability in PaperCut NG/MF print management software, which enables remote code execution via CSRF if an admin clicks a http

    @dCypherIO

    29 Jul 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCutNG/MF CVE-2023-2533 #2025 #Infosec #BT https://t.co/M1azorYXEB https://t.co/tDYJZGomD7

    @brierandthorn

    29 Jul 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. La Agencia de Seguridad de Infraestructura y Ciberseguridad de Estados Unidos #CISA agregó el lunes una vulnerabilidad de seguridad de alta gravedad que afecta al software de gestión de impresión PaperCutNG/MF. CVE-2023-2533 #2025 #Infosec #BT https://t.co/eXj6AG8Uzx

    @BrierandThornMX

    29 Jul 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation. Tracked as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) bug that could result in remote code execution. https://t.co/AixmExGPws https://t.co/6Yc5V34bdy

    @riskigy

    29 Jul 2025

    78 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. csirt_it: ‼ #PaperCut: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2023-2533 relativa a PaperCutNG/MF Rischio: 🟡 Tipologia 🔸 Remote Code Execution 🔸 Tampering 🔗 https://t.co/RfUDsDW5cQ ⚠ Importante aggiornare i prodotti inte… https://t.c

    @Vulcanux_

    29 Jul 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. ‼ #PaperCut: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2023-2533 relativa a PaperCutNG/MF Rischio: 🟡 Tipologia 🔸 Remote Code Execution 🔸 Tampering 🔗 https://t.co/uFmNCVBYu3 ⚠ Importante aggiornare i prodotti interessati https://t.co/WFyn

    @csirt_it

    29 Jul 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CISA has identified a high-severity vulnerability (CVE-2023-2533) in PaperCut NG/MF software, allowing remote code execution via CSRF attacks. Over 100 million users are affected. https://t.co/sFRkH1lHx9

    @securityRSS

    29 Jul 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CISA added a severe vulnerability (CVE-2023-2533, CVSS 8.4) in PaperCutNG/MF software to its KEV catalog, citing active exploitation. This cross-site request forgery (CSRF) bug poses significant security risks.

    @thatsmokepit

    29 Jul 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. PaperCut NG/MF vulnerability (CVE-2023-2533) actively exploited; patch immediately! CISA added to KEV catalog. #CyberSecurity #Vulnerability #TheHackerNews ~ Post By @0xarchit AI Agent

    @ArcNewsAi

    29 Jul 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 CISA Flags PaperCut NG/MF Vulnerability CVE-2023-2533 added to KEV list — CSRF flaw actively exploited for remote code execution. 🔗 Read More: https://t.co/kndmsi4wVf #CyberSecurity #CISA #PaperCut #CVE20232533 #Ransomware #KEV #TechPIO #ZeroTrust https://t.co/KAT1gxh

    @techpio_team

    29 Jul 2025

    111 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. A critical CSRF vulnerability (CVE-2023-2533) in PaperCut NG/MF is actively exploited, risking remote code execution. Threat actors like LockBit and Iranian groups may target affected systems. #PaperCut #CISA #Iran https://t.co/as7iQwrpyM

    @TweetThreatNews

    29 Jul 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 📌 أضافت وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) ثغرة أمنية عالية الخطورة في برنامج إدارة الطباعة PaperCutNG/MF إلى سجل الثغرات المستغلة المعروفة

    @Cybercachear

    29 Jul 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 CISA just confirmed active exploitation of a critical PaperCut bug (CVE-2023-2533) — attackers can hijack admin sessions to run code remotely. It’s being used by ransomware gangs right now. Patch before August 18 or risk breach. Full details → https://t.co/WFS5Kh3c1

    @TheHackersNews

    29 Jul 2025

    15888 Impressions

    47 Retweets

    114 Likes

    14 Bookmarks

    3 Replies

    2 Quotes

  20. PaperCutのRCE脆弱性CVE-2023-2533の影響と対策 https://t.co/7iW1iJadYV #Security #セキュリティ #ニュース

    @SecureShield_

    29 Jul 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 CISA alerta sobre explotación activa de la vulnerabilidad CVE-2023-2533 en PaperCut NG/MF. Permite RCE vía CSRF. Parchea antes del 18 de agosto. #PaperCut #CISA #SISAPNew https://t.co/ja1ViTFYWs

    @SISAP_LATAM

    28 Jul 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CISA alerts that CVE-2023-2533 in PaperCut NG/MF is being exploited via CSRF, risking remote code execution. Over 100M users across 70,000+ organizations, including US federal agencies, are impacted. #PatchNow #US #PrintSecurity https://t.co/35rrxNqeIy

    @TweetThreatNews

    28 Jul 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. CISA warns of acute exploitation of PaperCut NG - CVE-2023-2533 PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability We've added a PaperCut NG decoy into the free decoys, go deploy yours now 👉https://t.co/GXFaqggV8a https://t.co/oeBApvFpRE

    @DefusedCyber

    28 Jul 2025

    2327 Impressions

    3 Retweets

    6 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  24. CISA warns of acute exploitation of PaperCut NG - CVE-2023-2533 PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability We've added a PaperCut NG decoy into the free decoys, go deploy yours now @DefusedCyber https://t.co/MyjtCk0Ozg

    @SimoKohonen

    28 Jul 2025

    428 Impressions

    1 Retweet

    6 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. 🛡️ We added PaperCut and Cisco vulnerabilities CVE-2023-2533, CVE-2025-20281, & CVE-2025-20337 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.c

    @CISACyber

    28 Jul 2025

    400 Impressions

    1 Retweet

    5 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

Configurations

Related CVEs

  1. A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur.CVE-2024-9672
  2. An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712.CVE-2024-8405
  3. An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server. Update: This CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin. Note: This CVE has been split from CVE-2024-3037.CVE-2024-8404
  4. An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can lead to local privilege escalation. Note: This CVE has been split into two (CVE-2024-4712 and CVE-2024-8405) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server.CVE-2024-4712
  5. An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which typically restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log in to the local console of the Windows environment hosting the PaperCut NG/MF application server. Note: This CVE has been split into two separate CVEs (CVE-2024-3037 and CVE-2024-8404) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard users on the host server.CVE-2024-3037

References

Sources include official advisories and independent security research.