US Cert Alert – Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG


  • ransom-4


The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. 

This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code remotely without credentials. 

PaperCut released a patch in March 2023. 

According to FBI observed information, malicious actors exploited CVE-2023-27350 beginning in mid-April 2023 and continuing through the present. 

In early May 2023, also according to FBI information, a group self-identifying as the Bl00dy Ransomware Gang attempted to exploit vulnerable PaperCut servers against the Education Facilities Subsector. 

SkyWatchSM Alert Legend

  • small-bell


  • active-threat0-lt-green

    Active Threat

  • malware-lt-green


  • ransome-lt-green


  • warning-green


  • file-green


Glesec Information Sharing Protocol

GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).

  • TLP-White

    Disclosure is Not Limited.

  • TLP-Green

    Limited Disclosure, Restricted Only to the Community.

  • TLP-Amber

    Limited Disclosure, restricted to the Participant's Organization.

  • TLP-Red

    Not for Disclosure, Restricted/ Classified - Only Shared with US DHS.

Discover Glesec.

Authority. Consistency.

Sign-up today for SkywatchSM Alerts.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.