Thermo Fisher Scientific

Erlang OTP Vulnerability Does Not Affect OMNIC Paradigm Software

A vulnerability in the Erlang/OTP libraries used by OMNIC Paradigm for FTIR spectrometer communication was assessed. No SSH server runs in the RabbitMQ and Erlang/OTP configuration, eliminating exposure to the CVE vulnerability. RabbitMQ opens several documented ports, and Paradigm installs firewall entries for specific ports to ensure security. Customers are not at risk due to this configuration.

Issue

A vulnerability was reported in CVE-2025-32433 for the Erlang OTP program. How does this affect the OMNIC Paradigm software, which installs Erlang OTP to support the RabbitMQ program?

Environment

OMNIC Paradigm

Resolution

In the way Erlang OTP is implemented for RabbitMQ and the Paradigm software, no SSH server is running. The vulnerability reported in the CVE therefore does not apply to the OMNIC Paradigm software, and the computer on which the software is installed is not exposed to it.


Below is a letter from the Thermo Fisher Scientific software team explaining this information.

Analysis

Recently a vulnerability was identified in the Erlang/OTP set of libraries. OMNIC Paradigm makes use of these components as part of the instrument communication protocol used with our FTIR spectrometer products. We have conducted a thorough assessment to determine any risk associated with the installation and use of these products.


Our investigation has found that no SSH server is running in our implementation of how RabbitMQ & Erlang/OTP is configured with our installation of OMNIC Paradigm. Additionally, a firewall can be configured to block inbound requests other than on required ports, which are documented by RabbitMQ for discovery and communication.


As there is no SSH server running, customers are not exposed to the vulnerability as described in the CVE findings.


Technical Details:


When RabbitMQ starts up the following ports are opened:

  • TCP 4369 – this is documented as the peer discovery service
  • TCP 5672 – this is documented by RabbitMQ as used by AMQP clients (without TLS)
  • TCP 15672 – this is documented by RabbitMQ as the management UI
  • TCP 25672 – this is documented as the inter-node and CLI tools communication, and RabbitMQ advises that this port not be publicly accessible
  • UDP varies – Erlang opens this port briefly for logging purposes and then shuts it back down.
  • Installing Paradigm will create firewall entries for 5671, 5672, and 4369.

Details of the vulnerability can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2025-32433.

Further information can be found on the RabbitMQ site.

https://www.rabbitmq.com/blog/2025/04/24/rabbitmq-is-not-affected-by-cve-2025-32433
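
As an added check (example code written for this article, not Thermo Fisher's or RabbitMQ's own), the script below audits a `netstat -ano` listing from the Paradigm host against the ports documented above: listeners owned by the Erlang and epmd processes are bucketed as documented, SSH (port 22, the surface CVE-2025-32433 concerns), or unexpected, and 25672 bound to all interfaces is flagged separately. It assumes the caller supplies the Erlang process IDs (from `tasklist` in practice); the netstat lines and PIDs shown are constructed.

```python
# Audit a Windows `netstat -ano` listing against the RabbitMQ ports listed
# above. Added example for this article, not Thermo Fisher or RabbitMQ code.
import re
DOCUMENTED_TCP = {  # ports the advisory says RabbitMQ/Erlang open at startup
    4369: "peer discovery (epmd)",
    5672: "AMQP clients, no TLS",
    15672: "management UI",
    25672: "inter-node and CLI tools; RabbitMQ advises not publicly accessible",
}
SSH_PORT = 22  # CVE-2025-32433 concerns the Erlang/OTP SSH server; none should listen
LISTEN_RE = re.compile(  # e.g. "TCP  0.0.0.0:5672  0.0.0.0:0  LISTENING  4312"
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$")


def parse_listeners(netstat_output):
    """Return (bind_address, port, pid) for every TCP line in LISTENING state."""
    found = []
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            found.append((m.group("addr"), int(m.group("port")), int(m.group("pid"))))
    return found


def audit(netstat_output, erlang_pids):
    """Bucket listeners owned by the Erlang/epmd PIDs (from `tasklist` in practice,
    supplied by the caller here): documented, ssh, unexpected, public_internode."""
    report = {"documented": [], "ssh": [], "unexpected": [], "public_internode": []}
    for entry in parse_listeners(netstat_output):
        addr, port, pid = entry
        if pid not in erlang_pids:
            continue  # another service's socket; out of scope for this check
        if port == SSH_PORT:
            report["ssh"].append(entry)  # the CVE's attack surface; should be empty
        elif port in DOCUMENTED_TCP:
            report["documented"].append(entry)
            if port == 25672 and addr in ("0.0.0.0", "[::]"):
                report["public_internode"].append(entry)  # RabbitMQ warns against this
        else:
            report["unexpected"].append(entry)
    return report


# Constructed sample in the `netstat -ano` layout; not captured from a real host.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:4369           0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:5672           0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:15672        0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:25672          0.0.0.0:0              LISTENING       4312
"""
SAMPLE_ERLANG_PIDS = {4120, 4312}  # constructed: epmd.exe and erl.exe PIDs
```

Erlang's SSH application can be started on any port, so anything in the unexpected bucket deserves a look, not only port 22.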