Ethical Hacking News
CISA flags PaperCut RCE bug as exploited in attacks, patch now. A high-severity vulnerability in the PaperCut NG/MF print management software has been identified by CISA. The vulnerability allows threat actors to gain remote code execution via a cross-site request forgery (CSRF) attack. Over 100 million users are affected by this widely used software. Organizations must prioritize patching this actively exploited security bug as soon as possible.
CISA has flagged a PaperCut RCE bug as exploited in attacks, urging organizations to patch now. The vulnerability allows threat actors to gain remote code execution in cross-site request forgery (CSRF) attacks. Over 100 million users rely on PaperCut NG/MF print management software worldwide. The security flaw was patched in June 2023, but CISA warns that it remains actively exploited. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog and urges federal agencies to patch by August 18. Non-profit security organization Shadowserver tracks over 1,100 exposed PaperCut MF and NG servers online. PaperCut flaws have been exploited by ransomware gangs in the past.
By Sergiu Gatlan
July 28, 2025
12:59 PM
0
CISA warns that threat actors are exploiting a high-severity vulnerability in PaperCut NG/MF print management software, which can allow them to gain remote code execution in cross-site request forgery (CSRF) attacks.
The software developer says that more than 100 million users use its products across over 70,000 organizations worldwide. This alarming figure highlights the vast potential impact of a bug in such widely used software.
The security flaw (tracked as CVE-2023-2533 and patched in June 2023) can allow an attacker to alter security settings or execute arbitrary code if the target is an admin with a current login session, and successful exploitation typically requires tricking an admin into clicking a maliciously crafted link.
CISA has yet to share details regarding these ongoing attacks, but it has added the vulnerability to its Known Exploited Vulnerabilities Catalog, giving Federal Civilian Executive Branch (FCEB) agencies three weeks to patch their systems by August 18, as mandated by the November 2021 Binding Operational Directive (BOD) 22-01.
While BOD 22-01 targets U.S. federal agencies, the cybersecurity agency encourages all organizations, including those in the private sector, to prioritize patching this actively exploited security bug as soon as possible.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA cautioned on Monday.
Non-profit security organization Shadowserver currently tracks over 1,100 PaperCut MF and NG servers that are exposed online, although not all are vulnerable to CVE-2023-2533 attacks.
PaperCut flaws exploited by ransomware gangs
Although CISA has no evidence that CVE-2023-2533 is being targeted in ransomware attacks, PaperCut servers have been previously breached by ransomware gangs in 2023 by exploiting a critical, unauthenticated remote code execution (RCE) vulnerability (CVE–2023–27350) and a high-severity information disclosure flaw (CVE–2023–27351).
In April 2023, Microsoft linked the attacks targeting PaperCut servers to the LockBit and Clop ransomware gangs, who used their access to compromised systems to steal corporate data.
Almost two weeks later, Microsoft also revealed that Iranian state-backed hacking groups (tracked as Muddywater and APT35) also joined the attacks. As the company explained at the time, the threat actors exploited the 'Print Archiving' feature, which is designed to save all documents sent through PaperCut printing servers.
CISA added CVE-2023–27350 to its catalog of actively exploited vulnerabilities on April 21, 2023, ordering U.S. federal agencies to secure their servers by May 12, 2023.
One month later, CISA and the FBI issued a joint advisory warning that the Bl00dy Ransomware gang had also begun exploiting the CVE-2023–27350 RCE vulnerability to gain initial access to the networks of educational organizations.
The Board Report Deck CISOs Actually Use
CISOs know that getting board buy-in starts with a clear, strategic view of how cloud security drives business value.
This free, editable board report deck helps security leaders present risk, impact, and priorities in clear business terms. Turn security updates into meaningful conversations and faster decision-making in the boardroom.
Download the template to get started today
Related Articles:
Cisco: Maximum-severity ISE RCE flaws now exploited in attacksHackers are exploiting critical RCE flaw in Wing FTP ServerHacker selling critical Roundcube webmail exploit as tech info disclosedOver 84,000 Roundcube instances vulnerable to actively exploited flawHackers are exploiting critical flaw in vBulletin forum software
Actively Exploited
CISA
CSRF
PaperCut
RCE
Remote Code Execution
Actively Exploited
CISA
CSRF
PaperCut
RCE
Remote Code Execution
Sergiu Gatlan
Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.
Previous Article
Next Article
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now.
You may also like:
Popular Stories
Allianz Life confirms data breach impacts majority of 1.4 million customers
Scattered Spider is running a VMware ESXi hacking spree)
Microsoft lifts Windows 11 update block for Easy Anti-Cheat users
Sponsor Posts
Overdue a password health-check? Audit your Active Directory for free
Overdue a password health-check? Audit your Active Directory for free
Stop PowerShell, USBs, and unknown apps—explore ThreatLocker allowlisting
Stay out of the news by finding API flaws before attackers do. Try Intruder for free today.
Can you trust your extensions? Discover Koi’s zero-trust approach to software security
Follow us:
Main Sections
News
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary
Community
Forums
Forum Rules
Chat.
Useful Resources
Welcome Guide
Sitemap.
Company
About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog
Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure
Copyright @ 2003 - 2025 Bleeping Computer® LLC - All Rights Reserved
Login
Username
Password
Remember Me
Sign in anonymously
Sign in with Twitter
Not a member yet? Register Now
Reporter
Help us understand the problem. What is going on with this comment?
Spam
Abusive or Harmful
Inappropriate content
Strong language
Other
Read our posting guidelinese to learn what content is prohibited.
Submitting...
SUBMIT
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Warnings-PaperCut-RCE-Bug-Exploited-in-Attacks-Patching-Urgently-Advised-ehn.shtml
https://www.bleepingcomputer.com/news/security/cisa-flags-papercut-rce-bug-as-exploited-in-attacks-patch-now/
Published: Mon Jul 28 19:47:12 2025 by llama3.2 3B Q4_K_M
