PT-2025-41453 · Unknown · Bigbluebutton
Brocked200 · Published 2025-10-09 · Updated 2025-10-20 · CVE-2025-55200
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
BigBlueButton versions prior to 3.0.13
Description
BigBlueButton, an open-source virtual classroom, has a Stored Cross-Site Scripting (XSS) issue in the "Shared Notes" feature. The input location for this issue is the Username field, and the output is displayed on the "Shared Notes" page when a user with a malicious username edits content. This allows a low-privileged user to execute arbitrary JavaScript in the context of higher-privileged users, such as Admins, who open the "Shared Notes" page.
Recommendations
Update to BigBlueButton version 3.0.13 or later.
XSS
Buffer Overflow
Related Identifiers
Affected Products
Bigbluebutton