CISA Includes PaperCut NG/MF CSRF Vulnerability in KEV Catalog Due to Ongoing Exploits

 
Date: July 29, 2025
Category: Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting PaperCut NG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, highlighting its active exploitation. The vulnerability, identified as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) flaw that could lead to remote code execution. CISA warned that this vulnerability may allow attackers to modify security settings or execute arbitrary code in certain scenarios. Widely used in schools, businesses, and government offices, PaperCut NG/MF helps manage print jobs and control network printers. Given that the admin console typically operates on internal web servers, an exploited vulnerability could provide attackers with easy access to larger systems if left unattended.

CISA Adds High-Severity PaperCut NG/MF Vulnerability to KEV Catalog Amid Rising Exploits

On July 29, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially included a critical vulnerability affecting the PaperCut NG/MF print management software in its Known Exploited Vulnerabilities (KEV) catalog. This addition comes in response to confirmed instances of active exploitation, emphasizing the urgent need for users to address the identified risk. The vulnerability, designated as CVE-2023-2533, carries a CVSS score of 8.4, indicating its severity and potential impact.

CISA characterized the flaw as a cross-site request forgery (CSRF) vulnerability, which could enable remote code execution under specific circumstances. According to CISA’s advisory, such an exploit might allow malicious actors to manipulate security configurations or execute arbitrary code within affected systems. The PaperCut NG/MF software is prevalent among educational institutions, corporate entities, and government agencies for managing print tasks and regulating networked printers. Given that the administrative interface often operates on internal web servers, the exploitation of this specific vulnerability may offer attackers a gateway to infiltrate broader organizational networks, posing significant security threats.

The nature of the PaperCut NG/MF vulnerability raises the stakes for organizations utilizing this software. Schools, businesses, and public sector institutions are especially at risk, as the vulnerability can compromise sensitive data and systems if not promptly mitigated. As attackers continually refine their strategies, organizations must remain vigilant in safeguarding against such threats.

In terms of attack methodologies, the exploitation of this vulnerability may align with several tactics outlined in the MITRE ATT&CK framework. Initial access could be achieved through social engineering or phishing methods, leading to the deployment of CSRF attacks that manipulate user sessions. Once inside, an adversary might employ persistence techniques to maintain access or escalate privileges to gain greater control of vulnerable systems. Such capabilities underscore the necessity for organizations to enforce rigorous security practices and keep abreast of vulnerability updates.

Business owners must prioritize updating and securing their installations of PaperCut NG/MF to prevent potential exploitation. This situation serves as a stark reminder of the continuous evolution of cyber threats and the imperative to adopt proactive cybersecurity measures. The immediate risk associated with CVE-2023-2533 underlines the importance of maintaining robust security protocols, staff training, and timely software updates in safeguarding against potential breaches. As cybercriminals become increasingly sophisticated, the onus remains on organizations to adapt and fortify their defenses against emerging vulnerabilities.

Source link

Related Posts

Serious Mitel Vulnerability Allows Hackers to Bypass Login and Access MiVoice MX-ONE Systems

July 24, 2025
Vulnerability / Network Security

Mitel has issued security updates to fix a critical vulnerability in MiVoice MX-ONE that could enable attackers to bypass authentication measures. According to a recent advisory, “An authentication bypass vulnerability has been detected in the Provisioning Manager component of Mitel MiVoice MX-ONE. If exploited, this flaw could allow an unauthorized attacker to execute an authentication bypass due to faulty access control.” A successful exploitation could grant attackers unauthorized access to both user and admin accounts within the system.

This vulnerability, which has not yet been assigned a CVE identifier, has a CVSS score of 9.4 out of 10. It impacts MiVoice MX-ONE versions ranging from 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14). Patches have been released under MXO-15711_78SP0 and MXO-15711_78SP1 for versions 7.8 and 7.8 SP1, respectively. Customers using MiVoice MX-ONE are encouraged to apply the updates promptly to mitigate the risk.

Major Vulnerabilities in Niagara Framework Endanger Global Smart Buildings and Industrial Systems

Cybersecurity researchers have identified more than a dozen security flaws within Tridium’s Niagara Framework that could allow network attackers to compromise the system under specific conditions. “These vulnerabilities are fully exploitable if a Niagara system is misconfigured, disabling encryption on certain network devices,” stated Nozomi Networks Labs in a recent report. “When linked together, they could permit an attacker with network access—possibly through a Man-in-the-Middle (MiTM) position—to take control of the Niagara system.” Developed by Tridium, a subsidiary of Honeywell, the Niagara Framework serves as a vendor-neutral platform for managing various devices from multiple manufacturers, including HVAC, lighting, energy management, and security, making it a critical component in building management, industrial automation, and smart infrastructure.

Wiz Identifies Critical Access Bypass Vulnerability in AI-Driven Base44 Coding Platform

July 29, 2025
LLM Security / Vulnerability

Cybersecurity researchers have revealed a recently patched critical security vulnerability in the popular AI-driven coding platform Base44. This flaw could enable unauthorized access to private applications created by its users. According to a report from cloud security firm Wiz, the vulnerability was alarmingly easy to exploit; an attacker merely needed to provide a non-secret ‘app_id’ at undocumented registration and email verification endpoints to create a verified account for private applications. This breach effectively bypassed all authentication mechanisms, including Single Sign-On (SSO) protections, granting full access to sensitive applications and data. Following responsible disclosure on July 9, 2025, Wix, the company that owns Base44, implemented an official fix within 24 hours. Fortunately, there is no evidence that this vulnerability was ever maliciously exploited in practice.

Hackers Target SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

July 30, 2025
Vulnerability / Threat Intelligence

Threat actors have been found exploiting a critical SAP NetWeaver vulnerability, now patched, to introduce the Auto-Color backdoor in an April 2025 attack on a U.S.-based chemicals firm. According to a report from Darktrace shared with The Hacker News, the attacker accessed the company’s network over three days, attempted to download suspicious files, and communicated with infrastructure associated with the Auto-Color malware. The vulnerability, identified as CVE-2025-31324, is a severe unauthenticated file upload flaw in SAP NetWeaver that allows remote code execution (RCE) and was fixed by SAP in April. Auto-Color, first reported by Palo Alto Networks Unit 42 in February, operates similarly to a remote access trojan, providing remote access to compromised Linux systems. It has been linked to attacks against universities and government entities in North America and Asia between November and December 2024.