Dear customers,
A CERT advisory has been published regarding a security vulnerability in Erlang/OTP:
https://inside-docupedia.bosch.com/confluence/x/2a_3UQE (Bosch internal)
https://www.cve.org/CVERecord?id=CVE-2025-32433 (Public CVE information)
This CVE affects outdated versions of Erlang/OTP, which should be patched to the latest available versions. Erlang/OTP is used, for example, in RabbitMQ installations.
This CVE has a Common Vulnerability Scoring System (CVSS) score of 10 (out of 10), as it allows unauthenticated remote code execution.
BCI is working with priority on a fix that provides the latest RabbitMQ and Erlang versions, which can either be self-installed (detailed instructions will follow below this post) or installed with the help of BCI.
Please reach out to Max Daub (BCI/PAP-PRM) if you are affected and need BCI support.
Thanks
Your BCI team