RBI assistant platform
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62646 | 0.00 | — | 0.00 | Oct 17, 2025 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers. | |||
| CVE-2025-62651 | 0.00 | — | 0.00 | Oct 17, 2025 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface. | |||
| CVE-2025-62645 | 0.00 | — | 0.00 | Oct 17, 2025 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation. | |||
| CVE-2025-62643 | 0.00 | — | 0.00 | Oct 17, 2025 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages. | |||
| CVE-2025-62647 | 0.00 | — | 0.00 | Oct 17, 2025 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path. | |||
| CVE-2025-62642 | 0.00 | — | 0.00 | Oct 17, 2025 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account. | |||
| CVE-2025-62644 | 0.00 | — | 0.00 | Oct 17, 2025 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users. | |||
| CVE-2025-62648 | 0.00 | — | 0.00 | Oct 17, 2025 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume. |
- CVE-2025-62646Oct 17, 2025risk 0.00cvss —epss 0.00
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.
- CVE-2025-62651Oct 17, 2025risk 0.00cvss —epss 0.00
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
- CVE-2025-62645Oct 17, 2025risk 0.00cvss —epss 0.00
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.
- CVE-2025-62643Oct 17, 2025risk 0.00cvss —epss 0.00
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.
- CVE-2025-62647Oct 17, 2025risk 0.00cvss —epss 0.00
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path.
- CVE-2025-62642Oct 17, 2025risk 0.00cvss —epss 0.00
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.
- CVE-2025-62644Oct 17, 2025risk 0.00cvss —epss 0.00
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users.
- CVE-2025-62648Oct 17, 2025risk 0.00cvss —epss 0.00
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.