CNNVD-202510-2454 Information

CNNVD ID

CNNVD-202510-2454

Related CVE

CVE-2025-62645

• CNNVD Published: 2025-10-17

Description (Chinese)

Restaurant Brands International assistant platform是Restaurant Brands International公司的一个餐厅后台平台。 Restaurant Brands International assistant platform 2025-09-06及之前版本存在安全漏洞，该漏洞源于createToken GraphQL突变允许远程认证攻击者获取整个平台的管理令牌，可能导致权限提升。

Description (English)

Restaurant Brands International observer platform is a back-office platform for Restaurant Brands International. There is a security loophole in the previous and previous versions of Restaurant Brands International Advisory Platform 2025-09-06, which stems from the mutation of CreateToken GraphQL, which allows remote authentication of the attacker ’ s access to the platform ’ s entire management badge, which may lead to increased authority.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Restaurant Brands International

Published

2025-10-17

Last Modified

2026-02-24

References

https://archive.today/fMYQp https://www.yahoo.com/news/articles/burger-king-hacked-attackers-impressed-124154038.html https://bobdahacker.com/blog/rbi-hacked-drive-thrus/ https://www.malwarebytes.com/blog/news/2025/09/popeyes-tim-hortons-burger-king-platforms-have-catastrophic-vulnerabilities-say-hackers https://web.archive.org/web/20250906134240/ https://access.redhat.com/security/cve/cve-2025-62645