
CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation
On July 20, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity security vulnerability affecting PaperCut NG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2023-2533 with a CVSS score of 8.4, is a Cross-Site Request Forgery (CSRF) bug that enables attackers to perform unauthorized actions on behalf of authenticated users. Evidence of active exploitation in the wild has been observed, underscoring the urgency for organizations to address this issue.
PaperCut NG/MF is widely deployed in enterprise environments for print management, making this vulnerability particularly concerning. CSRF vulnerabilities exploit the trust that a web application places in requests carrying a user's browser-held credentials, such as session cookies that the browser attaches automatically. In this scenario, an attacker could craft a malicious link that, when clicked by an authenticated user, would cause the browser to submit a request to the PaperCut software, which would then execute the action as if the user themselves had performed it. This could lead to unauthorized access to sensitive data, modification of system settings, or even execution of arbitrary commands.
The addition of this vulnerability to CISA's KEV catalog highlights its severity and the immediate threat it poses. Given that active exploitation has been observed, organizations using PaperCut NG/MF must prioritize patching their systems to mitigate this risk. Additionally, organizations should review their logs for any signs of exploitation and consider implementing additional security measures, such as network segmentation and the use of CSRF tokens, to further protect against potential attacks.
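The mitigation mentioned above, the synchronizer-token pattern combined with an Origin check, is illustrated by the following added example; it is a constructed model of a state-changing admin handler, not PaperCut's code, and the session store, origin and request objects are all assumed.

```python
import hmac
import secrets

# Constructed session store: cookie value -> session data with a per-session CSRF token.
SESSIONS = {
    "sess-abc": {"user": "admin", "csrf": secrets.token_hex(16)},
}
APP_ORIGIN = "https://print.example.internal"  # assumed origin of the web application


def vulnerable_update_settings(req):
    """Trusts the session cookie alone. A forged cross-site POST that carries the
    victim's cookie is indistinguishable from a legitimate one (the CSRF pattern)."""
    session = SESSIONS.get(req["cookies"].get("session"))
    if session is None:
        return 401, "not authenticated"
    return 200, f"settings updated by {session['user']}"


def hardened_update_settings(req):
    """Synchronizer token plus Origin check: an attacker's page can make the browser
    send the cookie, but cannot read the per-session token from the app's HTML and
    cannot control the browser-set Origin header on a cross-site request."""
    session = SESSIONS.get(req["cookies"].get("session"))
    if session is None:
        return 401, "not authenticated"
    if req["headers"].get("Origin") != APP_ORIGIN:
        return 403, "cross-site request rejected (Origin mismatch)"
    token = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf"]):  # constant-time comparison
        return 403, "cross-site request rejected (missing or wrong token)"
    return 200, f"settings updated by {session['user']}"


# Constructed requests: one submitted from the app's own page, one triggered from an
# attacker-controlled page the victim visited while logged in.
LEGIT = {
    "cookies": {"session": "sess-abc"},
    "headers": {"Origin": APP_ORIGIN},
    "form": {"csrf_token": SESSIONS["sess-abc"]["csrf"], "setting": "value"},
}
FORGED = {
    "cookies": {"session": "sess-abc"},             # attached automatically by the browser
    "headers": {"Origin": "https://evil.example"},  # set by the browser, not the attacker
    "form": {"setting": "value"},                    # no token: the attacker cannot read it
}

if __name__ == "__main__":
    print(vulnerable_update_settings(FORGED))  # forgery succeeds: status 200
    print(hardened_update_settings(FORGED))    # forgery rejected: status 403
    print(hardened_update_settings(LEGIT))     # legitimate request: status 200
```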
From a broader cybersecurity perspective, this incident serves as a reminder of the importance of addressing CSRF vulnerabilities, which are often underestimated compared to other types of vulnerabilities. Enterprises must ensure that their web applications are protected against such attacks by implementing robust security controls and educating users about the risks associated with clicking on untrusted links.
In conclusion, the active exploitation of CVE-2023-2533 in PaperCut NG/MF software underscores the critical need for organizations to apply patches promptly and to enhance their security posture against CSRF attacks. Cybersecurity professionals should remain vigilant and proactive in their vulnerability management practices to safeguard against such threats.