BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed reactionEmojiId in the GraphQL mutation chatSendMessageReaction. Version 3.0.13 contains a patch. No known workarounds are available.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61602.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-703"
]
}