No, RabbitMQ is not affected by CVE-2025-32433 (an Erlang SSH library CVE) #13796

michaelklishin · 2025-04-25T03:39:43Z

michaelklishin
Apr 25, 2025
Maintainer

RabbitMQ is Not Affected by CVE-2025-32433

RabbitMQ is not affected by CVE-2025-32433,
a vulnerability in the Erlang's SSH library. RabbitMQ does not use SSH, neither the server nor the client parts.

Team RabbitMQ's Erlang Packages Do Not Include SSH

Team RabbitMQ produces a zero dependency Erlang RPM
that does not include the SSH library since it is not used. Our Debian packages are split into multiple fine-grained components,
and the RabbitMQ installation guide skips SSH library installation.

Patched Versions Are Available

Team RabbitMQ's RPM repositories and Debian repositories were updated to include Erlang 27.3.3, 26.2.5.11 and 25.3.2.20.

For aarch64 (64-bit ARM) RPM packages, see rabbitmq/erlang-rpm releases.

For aarch64 (64-bit ARM) Debian packages of Erlang 26.2.5.11, see this Launchpad repository.

RabbitMQ community Docker image was also upgraded to Erlang 27.3.3 and 26.2.5.11 last week.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

No, RabbitMQ is not affected by CVE-2025-32433 (an Erlang SSH library CVE) #13796

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 0 comments

Select a reply

No, RabbitMQ is not affected by CVE-2025-32433 (an Erlang SSH library CVE) #13796

michaelklishin Apr 25, 2025 Maintainer

RabbitMQ is Not Affected by CVE-2025-32433

Team RabbitMQ's Erlang Packages Do Not Include SSH

Patched Versions Are Available

Replies: 0 comments

michaelklishin
Apr 25, 2025
Maintainer