PT-2025-41489 · Unknown · BigBlueButton
Reported by: Brocked200 +1
Published: 2025-10-09 · Updated: 2025-10-20
CVE ID: CVE-2025-61601
CVSS v3.1: 7.5 (High)
| Metric | Value |
|---|---|
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
BigBlueButton versions prior to 3.0.13
Description
BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) issue exists that allows any authenticated user to freeze or crash the server by abusing the polling feature's Choices response type. An attacker can submit a malicious payload with a massive array in the answerIds field, causing the current meeting, and potentially all meetings on the server, to become unresponsive. The attack leverages the answerIds field to overwhelm the server's processing capabilities.
Recommendations
Update to version 3.0.13 or later.
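The defensive counterpart to the issue described above is to bound and validate the answerIds array before any per-element work happens. The following is an added example written for this entry, not BigBlueButton's own code: the field name answerIds comes from the advisory, while the poll shape (an answers list and a multipleResponse flag), the validatePollResponse and tallyValidResponses helpers, and the MAX_ANSWERS_PER_RESPONSE cap are assumptions. It shows a naive tally that walks an unbounded array beside a validated one that rejects oversized, duplicated, out-of-range or non-integer ids up front.

```javascript
// Added example, not BigBlueButton's own code. Poll shape, helper names and the
// cap below are assumptions; only the answerIds field name comes from the advisory.

// Hypothetical hard cap, independent of the poll, so a single response can never
// force more than this much per-element work regardless of how many choices exist.
const MAX_ANSWERS_PER_RESPONSE = 64;

// Naive handler (the pattern to avoid): iterates whatever the client sent.
// A response carrying a huge answerIds array is processed element by element.
function naiveTally(poll, response) {
  const counts = new Array(poll.answers.length).fill(0);
  for (const id of response.answerIds) {
    counts[id] = (counts[id] || 0) + 1; // unbounded work and unbounded key growth
  }
  return counts;
}

// Hardened validation: cheap structural checks first, length check before any
// per-element loop, then per-element type/range/duplicate checks.
function validatePollResponse(poll, response) {
  if (!poll || !Array.isArray(poll.answers) || poll.answers.length === 0) {
    return { ok: false, reason: 'unknown or empty poll' };
  }
  if (!response || typeof response !== 'object') {
    return { ok: false, reason: 'malformed response' };
  }
  const ids = response.answerIds;
  if (!Array.isArray(ids)) {
    return { ok: false, reason: 'answerIds must be an array' };
  }
  // Reject oversized arrays using only the length property; no element is touched yet.
  const maxAllowed = poll.multipleResponse
    ? Math.min(poll.answers.length, MAX_ANSWERS_PER_RESPONSE)
    : 1;
  if (ids.length === 0 || ids.length > maxAllowed) {
    return { ok: false, reason: `answerIds length ${ids.length} outside 1..${maxAllowed}` };
  }
  const seen = new Set();
  for (const id of ids) {
    // Each id must be an integer index into the poll's answer list.
    if (!Number.isInteger(id) || id < 0 || id >= poll.answers.length) {
      return { ok: false, reason: `invalid answer id ${String(id)}` };
    }
    if (seen.has(id)) {
      return { ok: false, reason: `duplicate answer id ${id}` };
    }
    seen.add(id);
  }
  return { ok: true, answerIds: [...seen] };
}

// Tally only responses that pass validation; count the rejected ones for logging.
function tallyValidResponses(poll, responses) {
  const counts = new Array(poll.answers.length).fill(0);
  let rejected = 0;
  for (const response of responses) {
    const verdict = validatePollResponse(poll, response);
    if (!verdict.ok) {
      rejected += 1;
      continue;
    }
    for (const id of verdict.answerIds) counts[id] += 1;
  }
  return { counts, rejected };
}

// Constructed sample data: a three-choice poll and a batch of responses, one of
// which carries an oversized answerIds array of the kind the advisory describes.
const samplePoll = { answers: ['A', 'B', 'C'], multipleResponse: true };
const sampleResponses = [
  { answerIds: [0] },
  { answerIds: [0, 2] },
  { answerIds: new Array(1000000).fill(1) }, // oversized payload, rejected by length check
];
console.log(tallyValidResponses(samplePoll, sampleResponses));
// → { counts: [ 2, 0, 1 ], rejected: 1 }
```

The important ordering is that the length check runs before the loop: it costs the same whether answerIds has two elements or two million, so a flood of oversized responses is rejected at constant cost per message. A per-poll limit derived from the number of choices is combined with a fixed cap so that a poll with many choices still cannot be used to multiply server work.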
Links: Exploit · Fix
Tags: DoS
Affected Products
BigBlueButton