CVE-2025-61602

Vulnerability Description

BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageReaction`. Version 3.0.13 contains a patch. No known workarounds are available.

Vulnerability Details

Published Date

October 09, 2025

Last Modified

October 20, 2025

Source

NVD

CVE-2025-61602

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment