PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability — CVE-2023-2533

Summary

Advisory CVE-2023-2533. PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability Vendor: PaperCut. Source: CISA-KEV. Threat: high. Known exploited in the wild. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Check logs/telemetry for indicators of compromise and suspicious activity.
• Consider temporary hardening: restrict access, reduce attack surface, and monitor aggressively.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• PaperCut MF/NG Improper Access Control Vulnerability CVE-2023-27350
• Cisco Identity Services Engine Injection Vulnerability CVE-2025-20337
• Cisco Identity Services Engine Injection Vulnerability CVE-2025-20281
• Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability CVE-2026-20127
• Cisco SD-WAN Path Traversal Vulnerability CVE-2022-20775
• Soliton Systems K.K FileZen OS Command Injection Vulnerability CVE-2026-25108
• RoundCube Webmail Cross-site Scripting Vulnerability CVE-2025-68461
• RoundCube Webmail Deserialization of Untrusted Data Vulnerability CVE-2025-49113
• Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability CVE-2026-22769
• GitLab Server-Side Request Forgery (SSRF) Vulnerability CVE-2021-22175
• Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability CVE-2008-0015
• Google Chromium CSS Use-After-Free Vulnerability CVE-2026-2441