CVE-2025-61601

High CVSS: 7.5

BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's `Choices` response type. By submitting a malicious payload with a massive array in the `answerIds` field, the attacker can cause the current meeting — and potentially all meetings on the server — to become unresponsive. Version 3.0.13 contains a patch. No known workarounds are available.

Vendor

Bigbluebutton

Product

Bigbluebutton

CWE

CWE-703

Yayın Tarihi

2025-10-09 21:15:39

Güncelleme

2025-10-20 15:33:21

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-703 Bigbluebutton HIGH Bigbluebutton 2025

Referanslar

https://github.com/bigbluebutton/bigbluebutton/pull/23662 https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-73j3-v3fq-fqx5 https://www.youtube.com/watch?v=BwROSVIYjOY https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-73j3-v3fq-fqx5 https://www.youtube.com/watch?v=BwROSVIYjOY

Benzer Kayıtlar

Medium

CVE-2026-27736

BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received wi…

High

CVE-2026-27466

BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server…

Low

CVE-2026-27467

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the m…

High

CVE-2025-61602

BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 a…

High

CVE-2025-55200

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a St…