4 matches found
CVE-2025-61601 BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation
BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's Choices response type. By submitting a malicious payload with a massive array in...
CVE-2025-61601 BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation
BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's Choices response type. By submitting a malicious payload with a massive array in...
EUVD-2025-33564
BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's Choices response type. By submitting a malicious payload with a massive array in...
CVE-2025-61601
BigBlueButton has a DoS vulnerability (CVE-2025-61601) in versions prior to 3.0.13. The issue stems from mishandling the polling feature’s Choices response: sending a malicious payload with a massive answerIds array can freeze or crash the current meeting and potentially affect the server. A patc...