RabbitMQ is not affected by CVE-2025-32433 (an Erlang/OTP CVE)

RabbitMQ is not affected by CVE-2025-32433 (an Erlang SSH library CVE)

RabbitMQ is not affected by CVE-2025-32433, a vulnerability in the Erlang's SSH library. RabbitMQ does not use SSH, neither the server nor the client parts.

Patched Erlang Releases

Our team did update our RPM repositories and Debian repositories to include Erlang 27.3.3, 26.2.5.11 and 25.3.2.20, the versions that contain a vulnerability patch.

For aarch64 (64-bit ARM) RPM packages, see rabbitmq/erlang-rpm.

RabbitMQ Community Docker Image

RabbitMQ community Docker image was also upgraded to Erlang 27.3.3 and 26.2.5.11 last week..com/docker-library/rabbitmq) was also upgraded to Erlang 27.3.3 and 26.2.5.11 last week.