HIGH | Remediated
CVE-2025-4891
Erlang distribution protocol authentication bypass
Technology: RabbitMQ
CVSS Score: 8.1 / 10.0
Affected Versions: 3.11.0 – 3.11.28
Patched In: OSSeva for RabbitMQ 3.11.28-osseva-1
Published: July 8, 2025
Remediated: July 22, 2025
Description
A timing side-channel in the Erlang cookie comparison used for RabbitMQ cluster node authentication allows an attacker with network access to the distribution port to potentially recover the cluster cookie through repeated timing measurements.
Is your RabbitMQ deployment affected?
If you're running 3.11.0 – 3.11.28, you need this patch.