This page aggregates publicly disclosed CVE and security risk information related to RBI, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-62651 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface. | [email protected] | 6.5 | 0.07% | 2025-10-17 | 2025-10-31 |
| CVE-2025-62650 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen. | [email protected] | 8.3 | 0.07% | 2025-10-17 | 2025-10-31 |
| CVE-2025-62649 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders. | [email protected] | 5.8 | 0.15% | 2025-10-17 | 2025-11-06 |
| CVE-2025-62648 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume. | [email protected] | 6.4 | 0.10% | 2025-10-17 | 2025-10-31 |
| CVE-2025-62647 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path. | [email protected] | 5.0 | 0.05% | 2025-10-17 | 2025-10-31 |
| CVE-2025-62646 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers. | [email protected] | 5.0 | 0.05% | 2025-10-17 | 2025-10-31 |
| CVE-2025-62645 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation. | [email protected] | 9.9 | 0.22% | 2025-10-17 | 2025-11-04 |
| CVE-2025-62644 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users. | [email protected] | 5.0 | 0.05% | 2025-10-17 | 2025-10-31 |
| CVE-2025-62643 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages. | [email protected] | 3.4 | 0.01% | 2025-10-17 | 2025-10-31 |
| CVE-2025-62642 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account. | [email protected] | 5.8 | 0.05% | 2025-10-17 | 2025-10-31 |