
CVE-2025-62645: CWE-266 Incorrect Privilege Assignment in Restaurant Brands International assistant platform

Severity: Critical
Tags: Vulnerability, CVE-2025-62645, CWE-266
Published: Fri Oct 17 2025 (10/17/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: Restaurant Brands International
Product: assistant platform

Description

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.

AI-Powered Analysis

Last updated: 10/17/2025, 21:16:44 UTC

Technical Analysis

CVE-2025-62645 is a critical security vulnerability identified in the Restaurant Brands International (RBI) assistant platform, specifically affecting the createToken GraphQL mutation. The root cause is an incorrect privilege assignment (CWE-266), where the platform improperly grants administrative privileges to tokens created by remote authenticated users. This means that any attacker who can authenticate to the platform, even with limited privileges, can exploit this flaw to escalate their privileges to full administrative rights. The vulnerability does not require user interaction and can be exploited remotely over the network, making it highly accessible to attackers with valid credentials. The CVSS v3.1 score of 9.9 underscores the critical nature of this flaw, indicating high impact on confidentiality, integrity, and availability, as well as ease of exploitation with low attack complexity. The vulnerability affects all versions up to 2025-09-06, with no patches currently available at the time of reporting. The lack of known exploits in the wild suggests it may be newly disclosed, but the potential for abuse is significant given the administrative control gained. The assistant platform is likely used for operational management and automation within RBI’s ecosystem, so compromise could lead to unauthorized data access, manipulation of operational workflows, and potential disruption of services. The GraphQL API’s createToken mutation is the attack vector, which should be carefully monitored and restricted. This vulnerability highlights the importance of proper privilege assignment and access control in API design, especially in platforms managing critical business operations.

Potential Impact

For European organizations using the RBI assistant platform, this vulnerability poses a severe risk. Attackers gaining administrative tokens can fully control the platform, leading to unauthorized access to sensitive operational data, manipulation of business processes, and potential disruption of services. This could result in data breaches involving customer information, financial data, or internal communications. The integrity of the platform could be compromised, allowing attackers to alter configurations or deploy malicious changes. Availability could also be impacted if attackers disrupt platform functionality or lock out legitimate users. Given RBI’s presence in the European food service market, affected organizations may face regulatory scrutiny under GDPR for data breaches and operational failures. The reputational damage and financial losses from service disruption or data compromise could be substantial. Additionally, attackers could leverage administrative access to pivot into broader corporate networks, increasing the scope of impact. The critical severity and ease of exploitation make this a top priority threat for affected entities in Europe.

Mitigation Recommendations

1. Immediately monitor and restrict access to the createToken GraphQL mutation, limiting it to trusted and necessary users only.
2. Conduct a thorough review and audit of user privileges within the RBI assistant platform to ensure that least-privilege principles are enforced.
3. Implement multi-factor authentication (MFA) for all authenticated users to reduce the risk of credential compromise.
4. Deploy anomaly detection and logging on token creation activity to identify suspicious privilege escalation attempts.
5. Isolate the assistant platform's network segment and restrict administrative access via network segmentation and firewall rules.
6. Engage with RBI for timely patching once a fix is released and apply updates immediately.
7. Conduct penetration testing and security assessments focused on GraphQL API endpoints to identify and remediate similar privilege assignment issues.
8. Educate platform administrators and users about the risks of privilege escalation and encourage reporting of unusual platform behavior.
9. Prepare incident response plans specifically addressing potential exploitation scenarios for this vulnerability.
10. Consider temporarily disabling or limiting the use of the createToken mutation, if operationally feasible, until it is patched.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-10-17T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68f2aebd9c34d0947f437b5f

Added to database: 10/17/2025, 9:01:49 PM

Last enriched: 10/17/2025, 9:16:44 PM

Last updated: 10/19/2025, 8:01:41 AM
