Loading
Generated remediation guidance and an executive summary. No account required.
BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's `Choices` response type. By submitting a malicious payload with a massive array in the `answerIds` field, the attacker can cause the current meeting — and potentially all meetings on the server — to become unresponsive. Version 3.0.13 contains a patch. No known workarounds are available.
Use CWE-703, Bigbluebutton vendor hub and Bigbluebutton product page to widen CVE-2025-61601 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-61602, CVE-2026-27466 and CVE-2025-55200 for nearby disclosures in the same product family.