Is RabbitMQ affected due to CVE-2025-32433

[graorane]

Community Support Policy

• I have read RabbitMQ's Community Support Policy
• I run RabbitMQ 4.x, the only series currently covered by community support
• I promise to provide all relevant information (versions, logs from all nodes, rabbitmq-diagnostics output, detailed reproduction steps)

RabbitMQ version used

4.1.0

Erlang version used

27.2.x

Operating system (distribution) used

Windows as well as Linux

How is RabbitMQ deployed?

Other

rabbitmq-diagnostics status output

Not applicable for question that is asked.

Logs from node 1 (with sensitive values edited out)

Not applicable for question that is asked.

Logs from node 2 (if applicable, with sensitive values edited out)

See https://www.rabbitmq.com/docs/logging to learn how to collect logs

# PASTE LOG HERE, BETWEEN BACKTICKS

Logs from node 3 (if applicable, with sensitive values edited out)

See https://www.rabbitmq.com/docs/logging to learn how to collect logs

# PASTE LOG HERE, BETWEEN BACKTICKS

rabbitmq.conf

See https://www.rabbitmq.com/docs/configure#config-location to learn how to find rabbitmq.conf file location

# PASTE rabbitmq.conf HERE, BETWEEN BACKTICKS

Steps to deploy RabbitMQ cluster

Not applicable for question that is asked.

Steps to reproduce the behavior in question

Not applicable for question that is asked.

advanced.config

See https://www.rabbitmq.com/docs/configure#config-location to learn how to find advanced.config file location

# PASTE advanced.config HERE, BETWEEN BACKTICKS

Application code

# PASTE CODE HERE, BETWEEN BACKTICKS

Kubernetes deployment file

# Relevant parts of K8S deployment that demonstrate how RabbitMQ is deployed
# PASTE YAML HERE, BETWEEN BACKTICKS

What problem are you trying to solve?

Is CVE-2025-32433 applicable to RabbitMQ

[michaelklishin]

RabbitMQ does not use SSH in any way.

Even then, our Erlang packages (both RPM and Debian) have been updated to provide 27.3.3, 26.2.5.11, and even 25.3.2.20 last week.