vulnerability

PaperCut MF: CVE-2024-1654: Permissive List of Allowed Inputs

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	Mar 14, 2024	Apr 22, 2025	Nov 17, 2025

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

Mar 14, 2024

Added

Apr 22, 2025

Modified

Nov 17, 2025

Description

This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this.

Solution

papercut-mf-upgrade-latest

References

CWE-183
CVE-2024-1654
https://attackerkb.com/topics/CVE-2024-1654
URL-https://www.papercut.com/kb/Main/Security-Bulletin-March-2024

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today