cbcvebase.

Restaurant Brands International Assistant Platform vulnerabilities

10 known vulnerabilities affecting restaurant_brands_international/assistant_platform.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 4

Vulnerabilities

CVE-2025-62645 | P2 | CRITICAL | CVSS 9.9 | ≤ 2025-09-06 | 2025-10-17
CWE-266: The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.
nvd
CVE-2025-62650 | P3 | CRITICAL | CVSS 9.9 | ≤ 2025-09-06 | 2025-10-17
CWE-603: The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
nvd
CVE-2025-62642 | P3 | HIGH | CVSS 8.6 | ≤ 2025-09-06 | 2025-10-17
CWE-862: The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.
nvd
CVE-2025-62646 | P3 | HIGH | CVSS 7.7 | ≤ 2025-09-06 | 2025-10-17
CWE-669: The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.
nvd
CVE-2025-62643 | P3 | HIGH | CVSS 8.6 | ≤ 2025-09-06 | 2025-10-17
CWE-319: The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.
nvd
CVE-2025-62644 | P3 | HIGH | CVSS 7.7 | ≤ 2025-09-06 | 2025-10-17
CWE-359: The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users.
nvd
CVE-2025-62649 | P3 | MEDIUM | CVSS 5.8 | ≤ 2025-09-06 | 2025-10-17
CWE-603: The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
nvd
CVE-2025-62648 | P4 | MEDIUM | CVSS 5.8 | ≤ 2025-09-06 | 2025-10-17
CWE-863: The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.
nvd
CVE-2025-62651 | P4 | MEDIUM | CVSS 5.8 | ≤ 2025-09-06 | 2025-10-17
CWE-863: The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
nvd
CVE-2025-62647 | P4 | MEDIUM | CVSS 5.8 | ≤ 2025-09-06 | 2025-10-17
CWE-863: The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path.
nvd