CVE-2023-2533 - PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
Project:PaperCut
Product:NG/MF
Date Added:2025-07-28Due Date:2025-08-18
Vulnerability Name
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
Description
PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.papercut.com/kb/Main/SecurityBulletinJune2023
https://nvd.nist.gov/vuln/detail/CVE-2023-2533
Related News Articles
CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active ExploitationJuly 29, 2025
CISA flags PaperCut RCE bug as exploited in attacks, patch nowJuly 29, 2025