CVE-2025-62781: CWE-613: Insufficient Session Expiration in THM-Health PILOS
CVE-2025-62781 is a medium severity vulnerability in THM-Health's PILOS platform (versions prior to 4.8.0) that causes insufficient session expiration. When a user changes their password, all other active sessions are terminated except the current one, whose session token remains valid and is not refreshed. If an attacker has previously obtained this session token, they can maintain access even after the password change, bypassing the intended session invalidation. This flaw allows continued unauthorized access without requiring user interaction or additional authentication. The vulnerability is fixed in version 4.8.0. Organizations using PILOS should upgrade promptly to prevent potential session hijacking risks.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-62781 affects the PILOS platform, a frontend for BigBlueButton used for interactive live online seminars, developed by THM-Health. In versions prior to 4.8.0, the platform allows users with local accounts to change their passwords while logged in. Upon password change, the system is designed to terminate all other active sessions to prevent unauthorized access. However, the current session's token remains valid and is not refreshed or invalidated. This means that if an attacker has previously obtained the session token—potentially through another vulnerability or session hijacking—they can continue to use that token to access the user's account even after the password has been changed. This represents an insufficient session expiration flaw categorized under CWE-613. The vulnerability has a CVSS 3.1 base score of 5.0 (medium severity), with attack vector network, high attack complexity, low privileges required, no user interaction, and impacts on confidentiality, integrity, and availability at a low level. No known exploits are currently reported in the wild. The issue is resolved in PILOS version 4.8.0, where session tokens are properly invalidated or refreshed upon password changes, ensuring that attackers cannot maintain access after credential updates.
Potential Impact
For European organizations using PILOS, this vulnerability poses a risk of persistent unauthorized access if an attacker has previously compromised a session token. This could lead to unauthorized data access, manipulation of seminar content or user information, and potential disruption of live online seminars. Although the impact on confidentiality, integrity, and availability is rated low individually, the ability to maintain access despite password changes undermines trust in account security and could facilitate further attacks or data breaches. Organizations in sectors such as education, healthcare, and corporate training that rely on PILOS for secure remote seminars may face compliance risks under GDPR if personal data is exposed or mishandled. The medium severity rating suggests that while exploitation requires some complexity and prior access, the consequences warrant prompt remediation to prevent escalation or lateral movement within networks.
Mitigation Recommendations
European organizations should immediately upgrade PILOS installations to version 4.8.0 or later, where the session token invalidation issue is fixed. Until upgrades are applied, organizations should enforce additional compensating controls such as monitoring active sessions and manually terminating suspicious sessions after password changes. Implementing multi-factor authentication (MFA) can reduce the risk of session token compromise. Network-level protections like web application firewalls (WAFs) can help detect anomalous session activities. Regularly auditing session management logs and educating users about secure session practices will also mitigate risks. Additionally, organizations should review and patch any other vulnerabilities that could allow initial session token theft, as this vulnerability's exploitation depends on prior token compromise.
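The following is an added illustration, not PILOS code, of the session-handling behaviour described in the Technical Summary and of the "terminate all sessions on password change" control recommended above. It models a hypothetical in-memory session store (`SessionStore`, `Session`, `simulate` and the two `change_password_*` functions are all invented names) and contrasts a vulnerable password-change routine, which spares the current token, with a fixed one that purges every session, issues the caller a fresh token, and additionally tags each token with a per-user credential generation so that any token issued before the last password change is rejected even if an explicit purge misses it.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class Session:
    user_id: str
    credential_generation: int  # user's credential counter when the token was issued


class SessionStore:
    """Minimal in-memory session store (hypothetical, for illustration only)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}   # token -> Session
        self._generation: Dict[str, int] = {}     # user_id -> credential generation

    def login(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)
        gen = self._generation.setdefault(user_id, 0)
        self._sessions[token] = Session(user_id, gen)
        return token

    def is_valid(self, token: str) -> bool:
        sess = self._sessions.get(token)
        if sess is None:
            return False
        # Defence in depth: a token issued before the last credential change is
        # rejected even if the explicit purge on password change missed it.
        if sess.credential_generation != self._generation.get(sess.user_id, 0):
            self._sessions.pop(token, None)
            return False
        return True

    def terminate_user_sessions(self, user_id: str, keep: Optional[str] = None) -> int:
        """Delete the user's sessions, optionally sparing one token; returns the count removed."""
        doomed = [t for t, s in self._sessions.items() if s.user_id == user_id and t != keep]
        for t in doomed:
            del self._sessions[t]
        return len(doomed)

    def bump_generation(self, user_id: str) -> None:
        self._generation[user_id] = self._generation.get(user_id, 0) + 1


def change_password_vulnerable(store: SessionStore, user_id: str, current_token: str) -> str:
    # Mirrors the behaviour described for CVE-2025-62781: every *other* session is
    # terminated, but the current token is neither invalidated nor rotated.
    store.terminate_user_sessions(user_id, keep=current_token)
    return current_token


def change_password_fixed(store: SessionStore, user_id: str, current_token: str) -> str:
    # Terminate every session, including the current one, mark all previously
    # issued tokens stale, then hand the caller a freshly issued token so the
    # browser stays logged in while any leaked copy of the old token is dead.
    store.terminate_user_sessions(user_id)
    store.bump_generation(user_id)
    return store.login(user_id)


def simulate(change_password: Callable[[SessionStore, str, str], str]) -> Dict[str, bool]:
    """Constructed scenario: the token of the session performing the change has leaked."""
    store = SessionStore()
    current = store.login("alice")   # session in which alice changes her password
    other = store.login("alice")     # alice's second device; must die in both variants
    leaked_copy = current            # constructed: an attacker holds a copy of this token
    new_token = change_password(store, "alice", current)
    return {
        "leaked_token_still_valid": store.is_valid(leaked_copy),
        "other_session_still_valid": store.is_valid(other),
        "new_token_valid": store.is_valid(new_token),
        "token_rotated": new_token != current,
    }


if __name__ == "__main__":
    print("vulnerable:", simulate(change_password_vulnerable))
    print("fixed:     ", simulate(change_password_fixed))
```

Running the module shows the difference directly: under the vulnerable routine `leaked_token_still_valid` is `True`, under the fixed routine it is `False` while the caller still holds a valid, rotated token. The generation counter is the piece a defender can also use as a compensating control: comparing each token's issue time or generation against the user's last credential change at request time catches sessions that an incomplete purge left behind.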
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-10-22T18:55:48.007Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ffe632ba6dffc5e21130cc
Added to database: 10/27/2025, 9:37:54 PM
Last enriched: 10/27/2025, 9:52:48 PM
Last updated: 10/28/2025, 1:52:06 AM