No, RabbitMQ is not affected by CVE-2025-32433 (an Erlang SSH library CVE) #13796
Pinned
michaelklishin
announced in
Maintainer announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
RabbitMQ is Not Affected by CVE-2025-32433
RabbitMQ is not affected by CVE-2025-32433,
a vulnerability in the Erlang's SSH library. RabbitMQ does not use SSH, neither the server nor the client parts.
Team RabbitMQ's Erlang Packages Do Not Include SSH
Team RabbitMQ produces a zero dependency Erlang RPM
that does not include the SSH library since it is not used. Our Debian packages are split into multiple fine-grained components,
and the RabbitMQ installation guide skips SSH library installation.
Patched Versions Are Available
Team RabbitMQ's RPM repositories and Debian repositories were updated to include Erlang
27.3.3,26.2.5.11and25.3.2.20.For aarch64 (64-bit ARM) RPM packages, see
rabbitmq/erlang-rpmreleases.For aarch64 (64-bit ARM) Debian packages of Erlang
26.2.5.11, see this Launchpad repository.RabbitMQ community Docker image was also upgraded to Erlang
27.3.3and26.2.5.11last week.Beta Was this translation helpful? Give feedback.
All reactions