Article Details

Scrape Timestamp (UTC): 2025-07-29 04:51:52.591

Source: https://thehackernews.com/2025/07/cisa-adds-papercut-ngmf-csrf.html

Original Article Text


CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCut NG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) bug that could result in remote code execution. "PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code," CISA said in an alert.

PaperCut NG/MF is commonly used by schools, businesses, and government offices to manage print jobs and control network printers. The admin console typically runs on an internal web server, but that does not put it out of reach: in a CSRF attack the forged request is sent by the victim administrator's own browser, which already sits on the internal network and already holds a valid session cookie. An exploited console can therefore give attackers a foothold into broader systems if it is overlooked.

In a potential attack scenario, a threat actor targets an admin user with a current login session and deceives them into clicking a specially crafted link. The link leads to an attacker-controlled page that makes the browser submit a state-changing request to the console; the browser attaches the admin's session cookie, and a server that relies on that cookie alone applies the unauthorized change.

It is currently not known how the vulnerability is being exploited in real-world attacks. But given that earlier shortcomings in the software have been abused by Iranian nation-state actors as well as e-crime groups like Bl00dy, Cl0p, and LockBit ransomware for initial access, it is essential that users apply the necessary updates if they have not already. At the time of writing, no public proof-of-concept is available, but attackers could exploit the bug through a phishing email or a malicious site that tricks a logged-in admin into triggering the request.

Mitigation requires more than patching. Organizations should also shorten admin session timeouts (a forged request only succeeds while the victim still holds a live session), restrict admin access to known IPs (this limits direct attacks on the console but does not stop CSRF, because the forged request arrives from the admin's own, permitted, address), and confirm that the version they deploy validates a CSRF token on state-changing admin requests, which is the protection the vendor fix is meant to provide.
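The attack scenario above comes down to one server-side decision: whether a state-changing request is accepted because it carries a valid session cookie, or only when it also proves it came from the console's own pages. The following is an added illustration of that decision, not PaperCut's code and not a reproduction of CVE-2023-2533; the console origin, the /admin/settings path, the `setting` form field and the in-memory session store are all assumptions made for the example.

```python
"""CSRF against a session-authenticated admin console: the before and after.

Added illustration for this article; it is not PaperCut's code and does not
reproduce CVE-2023-2533. The console origin, the /admin/settings path, the
'setting' form field and the in-memory session store are assumptions.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urlsplit

CONSOLE_ORIGIN = "https://print-admin.example.internal:9192"  # assumed

# Server-side session store (assumed): session id -> {"user": ..., "csrf": ...}
SESSIONS: Dict[str, dict] = {}


def login(user: str) -> str:
    """Create a session and mint the per-session CSRF token (synchronizer token)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """The token the legitimate admin UI embeds in its own forms."""
    return SESSIONS[sid]["csrf"]


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def same_origin(url: Optional[str]) -> bool:
    """True only when url's scheme and host:port equal the console's own.
    Comparing parsed parts (not a string prefix) defeats
    https://console.example:9192.attacker.example/ style look-alikes."""
    if not url:
        return False
    want, got = urlsplit(CONSOLE_ORIGIN), urlsplit(url)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def vulnerable_authorize(req: Request) -> bool:
    """Before the fix: a state-changing request is accepted whenever it carries
    a valid session cookie. The browser attaches that cookie automatically, also
    to requests a malicious page makes it send, which is exactly CSRF."""
    return req.cookies.get("session") in SESSIONS


def hardened_authorize(req: Request) -> bool:
    """After the fix: a session is still required, and for state-changing
    methods the request must (1) come from the console's own origin and
    (2) carry the token bound to this session, compared in constant time."""
    sid = req.cookies.get("session")
    if sid not in SESSIONS:
        return False
    if req.method in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must not change state, so no token is needed
    # Browsers send Origin on cross-site POSTs; Referer is the fallback.
    if not same_origin(req.headers.get("Origin") or req.headers.get("Referer")):
        return False
    return hmac.compare_digest(SESSIONS[sid]["csrf"], req.form.get("csrf_token", ""))


def demo() -> Dict[str, bool]:
    """Run one legitimate and one forged settings change through both checks."""
    admin_sid = login("admin")
    # What the real admin UI sends: same origin, session-bound token in the form.
    legit = Request("POST", "/admin/settings", cookies={"session": admin_sid},
                    headers={"Origin": CONSOLE_ORIGIN},
                    form={"csrf_token": csrf_token_for(admin_sid), "setting": "x"})
    # The same change as triggered by an attacker page the admin was lured to:
    # the cookie is still attached by the browser, but Origin is the attacker's
    # site and the attacker cannot read the session-bound token to include it.
    forged = Request("POST", "/admin/settings", cookies={"session": admin_sid},
                     headers={"Origin": "https://attacker.example"},
                     form={"setting": "x"})
    return {
        "vulnerable_accepts_legit": vulnerable_authorize(legit),
        "vulnerable_accepts_forged": vulnerable_authorize(forged),  # the bug
        "hardened_accepts_legit": hardened_authorize(legit),
        "hardened_accepts_forged": hardened_authorize(forged),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

Note what the hardened check does not rely on: the source IP. Both requests in `demo()` come from the same admin workstation, which is why an IP allowlist on the console does nothing against this class of bug, while the Origin check and the session-bound token stop it.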
Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to update their instances to a patched version by August 18, 2025. When aligning detection rules to MITRE ATT&CK, note that T1190 (Exploit Public-Facing Application) fits only where the console is reachable from the internet; the crafted-link path described above maps more closely to T1566 (Phishing) and T1204 (User Execution), and T1071 (Application Layer Protocol) describes command-and-control traffic, so it helps with spotting post-exploitation activity rather than the forged request itself. For broader context, tracking PaperCut incidents in relation to ransomware entry points or initial access vectors can help shape long-term hardening strategies.
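For the detection side, the most direct signal of the crafted-link scenario is a state-changing request to the admin area whose Referer names a page that is not the console's own. The following is an added example, not from the article or from PaperCut: it assumes the console (or a reverse proxy in front of it) writes Combined Log Format lines with Referer and User-Agent, that the console answers on the host named below, and that administrative writes live under /admin. The log lines are constructed for the demonstration.

```python
"""Spotting cross-site state-changing admin requests in a console access log.

Added example; it is not from the article or from PaperCut. It assumes the
console (or a reverse proxy in front of it) writes Combined Log Format lines
with Referer and User-Agent, that the console answers on CONSOLE_HOST, and
that administrative writes live under /admin. SAMPLE_LOG is constructed.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

CONSOLE_HOST = "print-admin.example.internal:9192"  # assumed host:port
ADMIN_PREFIXES = ("/admin",)                         # assumed admin URL space
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}  # methods that change state

# Combined Log Format: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse(line: str) -> Optional[dict]:
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def classify(entry: dict) -> Optional[str]:
    """Label an admin write whose Referer does not point at the console itself."""
    if entry["method"] not in UNSAFE_METHODS or not entry["path"].startswith(ADMIN_PREFIXES):
        return None
    ref = entry["referer"]
    if ref in ("", "-"):
        # Referrer-Policy or privacy tooling can strip Referer, so this is a
        # weaker signal: review it rather than alert on it alone.
        return "admin-write-no-referer"
    if urlsplit(ref).netloc != CONSOLE_HOST:
        # The browser reports that a foreign page caused this write: the
        # crafted-link CSRF pattern the article describes.
        return "admin-write-cross-site-referer"
    return None


def scan(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """(label, source ip, status, referer) for each flagged entry, in log order.
    The status tells you whether the console accepted the write (2xx/3xx) or a
    CSRF check rejected it (typically 403), so keep it in the finding."""
    findings = []
    for line in lines:
        e = parse(line)
        if e is None:
            continue  # unparseable line; count these separately in production
        label = classify(e)
        if label:
            findings.append((label, e["ip"], e["status"], e["referer"]))
    return findings


# Constructed sample log: one admin workstation (10.1.2.3) browsing the console
# normally, then two writes that did not come from the console's own pages,
# and an unrelated user-side write that must not be flagged.
SAMPLE_LOG = [
    '10.1.2.3 - - [29/Jul/2025:09:14:02 +0000] "GET /admin/settings HTTP/1.1" 200 5120 '
    '"https://print-admin.example.internal:9192/admin" "Mozilla/5.0 (Windows NT 10.0)"',
    '10.1.2.3 - - [29/Jul/2025:09:14:40 +0000] "POST /admin/settings HTTP/1.1" 302 0 '
    '"https://print-admin.example.internal:9192/admin/settings" "Mozilla/5.0 (Windows NT 10.0)"',
    '10.1.2.3 - - [29/Jul/2025:11:02:17 +0000] "POST /admin/settings HTTP/1.1" 302 0 '
    '"https://attacker.example/invoice.html" "Mozilla/5.0 (Windows NT 10.0)"',
    '10.1.2.3 - - [29/Jul/2025:11:02:18 +0000] "POST /admin/settings HTTP/1.1" 302 0 '
    '"-" "Mozilla/5.0 (Windows NT 10.0)"',
    '10.1.5.9 - - [29/Jul/2025:11:05:01 +0000] "POST /user/release HTTP/1.1" 200 88 '
    '"https://intranet.example/" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The rule keys on the Referer because, unlike the source IP, it is the one field in a standard access log that records which page caused the browser to send the request; a forged and a legitimate admin write otherwise look identical, down to the workstation address and user agent.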

Daily Brief Summary

CYBERCRIME // CISA Identifies High-Severity CSRF Vulnerability in PaperCut Software

CISA has added a severe CSRF vulnerability in PaperCut NG/MF software to its KEV catalog due to active exploitation.

The bug, tracked as CVE-2023-2533 with a CVSS score of 8.4, could lead to remote code execution.

PaperCut NG/MF is widely utilized in educational institutions, businesses, and government entities for managing printing services.

Attackers can exploit this vulnerability by deceiving an admin into clicking a malicious link, which may lead to unauthorized configuration changes or arbitrary code execution.

There's no available public proof-of-concept, but the exploitation likely involves tricking a logged-in administrator via phishing or malicious websites.

Federal agencies are mandated to update their software to a secured version by August 18, 2025, as per Binding Operational Directive (BOD) 22-01.

Organizations are advised to patch the vulnerability, shorten admin session timeouts, limit admin access by IP (noting that this does not stop a forged request sent from the admin's own browser), and confirm the deployed version validates CSRF tokens on state-changing requests.

Enhanced monitoring aligned to MITRE ATT&CK techniques is recommended, with the caveat that Exploit Public-Facing Application (T1190) applies only to an internet-exposed console, the crafted-link path is closer to Phishing (T1566) and User Execution (T1204), and Application Layer Protocol (T1071) covers follow-on command-and-control traffic rather than the forged request itself.