RbiCVEs & Vulnerabilities

10 CVEs affecting Rbi products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

restaurant brands international assistant 10
CVE-2025-62651MEDIUM

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.

18 Oct 2025
5.8
CVSS
CVE-2025-62650CRITICAL

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.

18 Oct 2025
9.9
CVSS
CVE-2025-62649MEDIUM

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.

18 Oct 2025
5.8
CVSS
CVE-2025-62648MEDIUM

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.

18 Oct 2025
5.8
CVSS
CVE-2025-62647MEDIUM

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path.

18 Oct 2025
5.8
CVSS
CVE-2025-62646HIGH

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.

18 Oct 2025
7.7
CVSS
CVE-2025-62645CRITICAL

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.

18 Oct 2025
9.9
CVSS
CVE-2025-62644HIGH

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users.

18 Oct 2025
7.7
CVSS
CVE-2025-62643HIGH

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.

18 Oct 2025
8.6
CVSS
CVE-2025-62642HIGH

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.

18 Oct 2025
8.6
CVSS
← PrevPage 1 / 1Next →