CVE-2025-61602

Medienbericht

Exploit

EPSS 0.36%
Veröffentlicht 09.10.2025 20:40:04
Zuletzt bearbeitet 20.10.2025 15:36:03
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

BigBlueButton vulnerable to Chat DoS via invalid reactionEmojiId

Chat DoS via invalid reactionEmojiId in BigBlueButton

Reacting to messages can make the chat unusable.

BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageReaction`. Version 3.0.13 contains a patch. No known workarounds are available.

Mögliche Gegenmaßnahme

Server: There are no workarounds. We recommend upgrading to a patched version of BigBlueButton.

Server: Install latest version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 3

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

BigBlueButton ≫ BigBlueButton Version < 3.0.13

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemBigBlueButton

≫

Produkt Server

Version < 3.0.13

SystemBigBlueButton

≫

Produkt Server

Version < 3.0.13

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.275

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-703 Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

13.10.2025 12:27

https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-45j2-m26c-3pcm

Vendor Advisory

Exploit

https://github.com/bigbluebutton/bigbluebutton/pull/23651

Patch

Issue Tracking

https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-45j2-m26c-3pcm

Third Party Advisory

https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-5m8m-h7fj-8wx6

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-61602

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-61602

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-61602

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-61602