CVE-2023-2533 — PaperCut NG/MF

PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability

Added to KEV

2025-07-28

Federal due date

2025-08-18

Vendor

PaperCut

Product

NG/MF

EPSS

97.2th percentile (score 0.363, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2023-2533

CISA short description

PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.