Cybersecurity Threat Advisory: Critical PaperCut NG/MF CSRF flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2533, a critical PaperCut NG/MF print management software vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. Attackers are actively exploiting this cross-site request forgery (CSRF) flaw in the wild. Review this Cybersecurity Threat Advisory to ensure you are protected from this vulnerability.

What is the threat?

CVE-2023-2533 is a CSRF vulnerability affecting PaperCut NG/MF versions prior to 22.1.1, 21.2.12, and 20.1.8. An attacker can exploit it by tricking a logged-in administrator into clicking a malicious link, potentially leading to arbitrary code execution or unauthorized security changes. Since PaperCut NG/MF often runs on internal servers managing network printers, this flaw could provide a foothold into internal systems. With a CVSS score of 8.4, it poses a significant risk by potentially bypassing perimeter defenses.

Why is it noteworthy?

Over 100 million users across 70,000+ organizations—including schools, enterprises, and government agencies—rely on PaperCut NG/MF. Threat actors, including ransomware groups like LockBit, Cl0p, and Bl00dy, have exploited vulnerabilities in the platform to gain initial access. The active exploitation of this flaw, combined with its potential for remote code execution (RCE), presents a serious risk if left unpatched.

What is the exposure or risk?

Organizations with unpatched PaperCut NG/MF deployments face serious risks, including remote compromise of administrative accounts, unauthorized changes to security settings and access controls, lateral movement within the network, and potential data theft, service disruption, or ransomware attacks. With approximately 1,000 PaperCut instances exposed to the internet, attackers have a broad surface for opportunistic exploitation.

What are the recommendations?

Barracuda strongly recommends that organizations take these additional steps to reduce the risk of exploitation and protect their critical infrastructure:

  • Upgrade to PaperCut NG/MF versions 22.1.1, 21.2.12, or 20.1.8 (or later) to remediate CVE-2023-2533.
  • Limit access to the PaperCut admin console by IP address and implement network segmentation to reduce exposure.
  • Shorten session timeouts for admin accounts and enforce proper CSRF token validation.
  • Check for anomalous admin actions, changes in security settings, or evidence of backdoor installation.
  • Remind privileged users to avoid clicking suspicious links, especially when logged into admin interfaces.
  • Enforce multi-factor authentication on accounts with access to PaperCut servers and other critical systems.
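
The fixed-version thresholds in the first recommendation can be checked against an asset inventory. The script below is an added example, not part of the original advisory or of PaperCut's tooling; the function names, inventory format, hostnames and version strings are assumptions. Branches older than 20 are sent to manual review because the advisory names no fixed build for them.

```python
import re

# Fixed releases per major branch, taken from the advisory text above.
FIXED = {20: (20, 1, 8), 21: (21, 2, 12), 22: (22, 1, 1)}

def parse_version(text):
    """Return (major, minor, patch) from '21.2.10' or '22.0.4 (Build 63914)'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(version_text):
    """Classify one reported version as 'patched', 'vulnerable' or 'review'."""
    v = parse_version(version_text)
    if v is None:
        return "review"        # unparseable string: check the server by hand
    major = v[0]
    if major > max(FIXED):
        return "patched"       # newer than every fixed release listed
    if major not in FIXED:
        return "review"        # assumption: older branch, no fixed build listed
    # Numeric tuple comparison, so 21.2.9 sorts below 21.2.12.
    return "patched" if v >= FIXED[major] else "vulnerable"

def triage_inventory(rows):
    """rows: iterable of (hostname, version_text). Returns {status: [hosts]}."""
    result = {"vulnerable": [], "review": [], "patched": []}
    for host, version_text in rows:
        result[triage(version_text)].append(host)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("print01.example.internal", "22.0.4 (Build 63914)"),
    ("print02.example.internal", "21.2.9"),
    ("print03.example.internal", "21.2.12"),
    ("print04.example.internal", "23.0.1"),
    ("print05.example.internal", "19.2.7"),
    ("print06.example.internal", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```
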

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.