What is PaperCut NG/MF software?

PaperCut NG/MF is print management software widely deployed in educational institutions, corporate environments, and government facilities. It helps organizations monitor, control, and secure their printing infrastructure through centralized management capabilities.

What is CVE-2023-2533 and how severe is it?

CVE-2023-2533 is a cross-site request forgery (CSRF) vulnerability in PaperCut NG/MF with a CVSS score of 8.4, indicating high severity. This bug can be exploited to achieve remote code execution, allowing attackers to run malicious code on affected systems.

When was the patch for CVE-2023-2533 released?

The vendor released a patch for CVE-2023-2533 in June 2023. Despite the patch being available for over a year, CISA is now warning about active exploitation, indicating that many organizations have not yet applied the security update.

Why is the PaperCut vulnerability particularly dangerous?

PaperCut admin consoles typically run on internal web servers, so breaching one provides attackers with a foothold into broader organizational systems. This internal network access can be leveraged for lateral movement and accessing additional critical systems within the organization.

How many PaperCut servers are currently exposed online?

According to Shadowserver monitoring data, over 1,100 PaperCut MF and NG servers are currently exposed online. However, not all of these are necessarily vulnerable to CVE-2023-2533 attacks, as some may have been patched or configured differently.

What types of organizations use PaperCut NG/MF software?

PaperCut NG/MF software is widely deployed across educational institutions, corporate environments, and government facilities. These organizations use the software to manage their printing infrastructure, monitor usage, and implement print security policies.

Has CISA disclosed details about the ongoing attacks?

No, CISA has not disclosed specific details regarding the ongoing attacks or the threat actors involved. The agency has focused on alerting organizations about the active exploitation and urging immediate patching rather than providing attack attribution or technical details.

What should organizations do about the PaperCut vulnerability?

Organizations using PaperCut NG/MF should immediately apply available security patches for CVE-2023-2533 and review their systems for signs of compromise. They should also ensure their PaperCut installations are not unnecessarily exposed to the internet and implement proper network segmentation.

How can organizations check if they are vulnerable to CVE-2023-2533?

Organizations should check their PaperCut NG/MF version numbers against the vendor's security advisories to determine if they are running vulnerable versions. They should also review system logs for signs of compromise and ensure they have applied all security patches released since June 2023.

What is the attack potential of the PaperCut CSRF vulnerability?

The CSRF vulnerability in PaperCut NG/MF can lead to remote code execution, allowing attackers to execute arbitrary commands on the affected system. Given that PaperCut admin consoles typically have internal network access, successful exploitation can provide a pathway for attackers to move laterally within an organization's network infrastructure.

Attack

CISA warns of active exploitation of critical PaperCut flaw, mandates immediate patching

published: July 28, 2025

Take action: If you use PaperCut NG/MF print management software, make sure it's not exposed to the internet. Then immediately apply the security patch released in June 2023, because attackers are actively exploiting flaws in PaperCut. Check your systems for any signs of compromise, because you may have already been hacked.

Learn More

CISA is warning that threat actors are actively exploiting high-severity vulnerabilities in PaperCut NG/MF print management software.

The exploited vulnerability is tracked as CVE-2023-2533 (CVSS score 8.4) - a cross-site request forgery (CSRF) bug that could result in remote code execution. The vendor has released a patch in June 2023.

PaperCut admin consoles typically run on internal web servers, so breaching one will provide attackers with a foothold into broader organizational systems. The software is widely deployed in educational institutions, corporate environments, and government facilities. According to Shadowserver monitoring data, over 1,100 PaperCut MF and NG servers are currently exposed online, although not all are necessarily vulnerable to CVE-2023-2533 attacks.

CISA has not disclosed specific details regarding the ongoing attacks or the threat actors involved.

Organizations using PaperCut NG/MF should immediately apply available security patches and review their systems for signs of compromise.

CISA warns of active exploitation of critical PaperCut flaw, mandates immediate patching

Read More
The critical Erlang/OTP SSH flaw actively exploited targeting …
Critical nginx-ui Vulnerability CVE-2026-33032 Under Active Exploitation
Hackers Exploit Dell RecoverPoint Zero-Day to Deploy Stealthy …
FBI warns that Barracuda ESG appliances should be …
Microsoft SQL servers under attack, used to deploy …