PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF
CVE-2023-2533
Key Information:
- Vendor: PaperCut
- CVE Published: 20 June 2023
What is CVE-2023-2533?
CVE-2023-2533 is a critical vulnerability found in PaperCut MF/NG version 22.0.10 (Build 65996, released on March 27, 2023). PaperCut is print management software widely used by organizations to manage printer usage, track print jobs, and optimize printing costs. This specific vulnerability arises from a Cross-Site Request Forgery (CSRF) flaw, which can allow attackers to manipulate security settings or execute arbitrary code if certain conditions are met. An attacker would need to target an administrator with an active session, potentially tricking them into clicking on a malicious link. Successful exploitation may lead to unauthorized changes within the PaperCut platform, posing a serious security threat to organizations relying on this software.
Potential impact of CVE-2023-2533
- Unauthorized Access and Control: Exploiting this vulnerability could enable malicious actors to gain unauthorized administrative access to the PaperCut system, allowing them to change crucial security settings and control printing functionalities.
- Data Breach Risks: With potential remote code execution capabilities, attackers could manipulate or extract sensitive data stored within the PaperCut environment, leading to serious data breaches and the exposure of confidential information.
- System Integrity Compromise: If exploited, this vulnerability could result in significant disruptions to the organization's printing services, adversely affecting business operations and the overall integrity of internal document management systems.
CISA has reported CVE-2023-2533
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-2533 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
PaperCut NG/MF Windows 22.0.10 < 2.1.1
PaperCut NG/MF Windows 21.2.12
PaperCut NG/MF Windows 20.1.8
News Articles
An old PaperCut bug is now being actively exploited by hackers
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding active exploitation of a high-severity vulnerability,
3 weeks ago

CISA Issues Warning on PaperCut RCE Vulnerability Targeted in Ongoing Attacks
The vulnerability, designated CVE-2023-2533, was officially added to the National Vulnerability Database on July 28, 2025
3 weeks ago

CISA Issues Alert on PaperCut RCE Vulnerability Under Active Exploitation
CISA has added a critical PaperCut vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation attempts.
3 weeks ago
EPSS Score
57% chance of being exploited in the next 30 days.
Timeline
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 🦅 CISA Reported
- 📰 First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability Reserved