Rbi

rbi

10 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Restaurant Brands International Assistant

restaurant_brands_international_assistant

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-62651 1Rbi 1Restaurant Brands International Assistant Oct 31, 2025 Oct 17, 2025 N/A· v4 5.8 MEDIUM· v3 N/A· v2 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
CVE-2025-62650 1Rbi 1Restaurant Brands International Assistant Oct 31, 2025 Oct 17, 2025 N/A· v4 9.9 CRITICAL· v3 N/A· v2 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
CVE-2025-62649 1Rbi 1Restaurant Brands International Assistant Nov 6, 2025 Oct 17, 2025 N/A· v4 5.8 MEDIUM· v3 N/A· v2 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
CVE-2025-62648 1Rbi 1Restaurant Brands International Assistant Oct 31, 2025 Oct 17, 2025 N/A· v4 5.8 MEDIUM· v3 N/A· v2 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.
CVE-2025-62647 1Rbi 1Restaurant Brands International Assistant Oct 31, 2025 Oct 17, 2025 N/A· v4 5.8 MEDIUM· v3 N/A· v2 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path.
CVE-2025-62646 1Rbi 1Restaurant Brands International Assistant Oct 31, 2025 Oct 17, 2025 N/A· v4 7.7 HIGH· v3 N/A· v2 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.
CVE-2025-62645 1Rbi 1Restaurant Brands International Assistant Nov 4, 2025 Oct 17, 2025 N/A· v4 9.9 CRITICAL· v3 N/A· v2 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL...Show more The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.Show less
CVE-2025-62644 1Rbi 1Restaurant Brands International Assistant Oct 31, 2025 Oct 17, 2025 N/A· v4 7.7 HIGH· v3 N/A· v2 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users.
CVE-2025-62643 1Rbi 1Restaurant Brands International Assistant Oct 31, 2025 Oct 17, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.
CVE-2025-62642 1Rbi 1Restaurant Brands International Assistant Oct 31, 2025 Oct 17, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to cre...Show more The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.Show less