PT-2025-44055

Published 2025-10-27 · Updated 2025-10-28 · CVE-2025-62781

CVSS v3.1

5.0 Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

PILOS versions prior to 4.8.0
Description

PILOS, a web frontend for BigBlueButton, does not invalidate the session in which a local user's password is changed: the user's other existing sessions are dropped, but the token of the current session stays valid after the change. An attacker who has previously obtained that session token (for example, a copy of the session cookie) can therefore keep acting as the user after the password has been changed, which is precisely the situation in which a user expects a password change to cut off access.
Recommendations

Update to version 4.8.0 or later.
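How the flaw plays out, and what a fix has to do, as an added example that is not PILOS code and not the project's 4.8.0 fix: a small server-side session store, written here in Python, binds every session token to a per-user password generation counter. Changing the password bumps the counter, so every other session is rejected on its next request; the `rotate_current_on_change` switch selects between keeping the current token usable (the behaviour the advisory describes) and replacing it with a fresh one. All names (`SessionStore`, `User`, `Session`, `attacker_keeps_access`), the KDF settings and the sample credentials are hypothetical.

```python
"""Added example, not PILOS code: session handling across a password change.

Models the advisory's scenario (an attacker holds a copy of the victim's
current session token before the victim changes their password) and shows
why a fix must rotate the current session, not only drop the other ones.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field


def _hash_password(password: str, salt: bytes) -> bytes:
    # Illustrative KDF only; a real deployment would use argon2id/bcrypt/scrypt
    # with a tuned cost. The parameters here are hypothetical.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    # Bumped on every password change; sessions are bound to this value.
    pw_generation: int = 0


@dataclass
class Session:
    user: str
    pw_generation: int
    created: float = field(default_factory=time.time)


class SessionStore:
    """Server-side session table keyed by a random bearer token."""

    def __init__(self, rotate_current_on_change: bool):
        # False models the vulnerable behaviour: other sessions are dropped but
        # the current token stays valid. True models the hardened behaviour.
        self.rotate_current_on_change = rotate_current_on_change
        self.users: dict[str, User] = {}
        self.sessions: dict[str, Session] = {}

    def register(self, name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[name] = User(name, salt, _hash_password(password, salt))

    def login(self, name: str, password: str) -> str | None:
        user = self.users.get(name)
        if user is None:
            return None
        if not hmac.compare_digest(user.pw_hash, _hash_password(password, user.salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user=name, pw_generation=user.pw_generation)
        return token

    def resolve(self, token: str) -> str | None:
        """Return the user for a token, or None if the session is invalid.

        A session whose recorded generation no longer matches the user's
        current generation was issued before a password change and is
        rejected even if its row was never deleted (defence in depth).
        """
        sess = self.sessions.get(token)
        if sess is None:
            return None
        user = self.users[sess.user]
        if sess.pw_generation != user.pw_generation:
            del self.sessions[token]
            return None
        return sess.user

    def change_password(self, token: str, old: str, new: str) -> str | None:
        """Change the session user's password; return the token to continue with."""
        name = self.resolve(token)
        if name is None:
            return None
        user = self.users[name]
        if not hmac.compare_digest(user.pw_hash, _hash_password(old, user.salt)):
            return None
        user.salt = secrets.token_bytes(16)
        user.pw_hash = _hash_password(new, user.salt)
        user.pw_generation += 1  # every session issued so far is now stale
        if not self.rotate_current_on_change:
            # Vulnerable variant: re-bind the current token to the new
            # generation so it keeps working. A stolen copy of it survives too.
            self.sessions[token].pw_generation = user.pw_generation
            return token
        # Hardened variant: drop the old token and issue a fresh one.
        del self.sessions[token]
        fresh = secrets.token_urlsafe(32)
        self.sessions[fresh] = Session(user=name, pw_generation=user.pw_generation)
        return fresh


def attacker_keeps_access(rotate_current_on_change: bool) -> bool:
    """Replay the advisory's scenario and report whether the stolen token still works."""
    store = SessionStore(rotate_current_on_change)
    store.register("alice", "correct horse battery staple")  # constructed sample user
    victim_token = store.login("alice", "correct horse battery staple")
    stolen_copy = victim_token  # cookie copy exfiltrated before the change
    other_session = store.login("alice", "correct horse battery staple")
    new_token = store.change_password(victim_token, "correct horse battery staple", "new-passphrase")
    assert new_token is not None
    assert store.resolve(other_session) is None  # other sessions always go
    assert store.resolve(new_token) == "alice"   # the legitimate user keeps working
    return store.resolve(stolen_copy) == "alice"
```

`attacker_keeps_access(False)` returns True and `attacker_keeps_access(True)` returns False. The point for reviewing a fix: logging out other devices is not enough on its own, because the token the advisory is concerned with is the current session's, so the current session ID has to be regenerated as well (in a Laravel application such as PILOS the generic building blocks are `Auth::logoutOtherDevices()` together with `$request->session()->regenerate()`; named here as the general mechanism, not as a statement of how the 4.8.0 fix is implemented). Checking the generation on every request, rather than only deleting rows at change time, also covers sessions kept in a store the change handler does not reach.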

Weakness Enumeration

CWE-613: Insufficient Session Expiration

Related Identifiers

CVE-2025-62781
GHSA-M8W5-8W3H-72WM

Affected Products

Bigbluebutton
Pilos