CNNVD-202510-2452 Information

CNNVD ID

CNNVD-202510-2452

Related CVE

CVE-2025-62647

• CNNVD Published: 2025-10-17

Description (Chinese)

Restaurant Brands International assistant platform是Restaurant Brands International公司的一个餐厅后台平台。 Restaurant Brands International assistant platform 2025-09-06及之前版本存在安全漏洞，该漏洞源于返回可用于调用API的JWT，可能导致任意存储路径的AWS上传URL泄露。

Description (English)

Restaurant Brands International observer platform is a back-office platform for Restaurant Brands International. There is a security loophole in Resturant Brands International observer platform 2025-09-06 and earlier versions, which originates from the return of JWT, which can be used to call API, and may result in the uploading of URLs of AWS, which store any path.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Restaurant Brands International

Published

2025-10-17

Last Modified

2026-02-24

References

https://archive.today/fMYQp https://www.yahoo.com/news/articles/burger-king-hacked-attackers-impressed-124154038.html https://bobdahacker.com/blog/rbi-hacked-drive-thrus/ https://www.malwarebytes.com/blog/news/2025/09/popeyes-tim-hortons-burger-king-platforms-have-catastrophic-vulnerabilities-say-hackers https://web.archive.org/web/20250906134240/ https://access.redhat.com/security/cve/cve-2025-62647