7.5
CVE-2025-61601
- EPSS 0.07%
- Veröffentlicht 09.10.2025 20:29:25
- Zuletzt bearbeitet 20.10.2025 15:33:21
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's `Choices` response type. By submitting a malicious payload with a massive array in the `answerIds` field, the attacker can cause the current meeting — and potentially all meetings on the server — to become unresponsive. Version 3.0.13 contains a patch. No known workarounds are available.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
BigBlueButton ≫ BigBlueButton Version < 3.0.13
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.168 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-703 Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.