Rbi

Restaurant Brands International Assistant

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2025-62642

Medienbericht
  • EPSS 0.05%
  • Veröffentlicht 17.10.2025 00:00:00
  • Zuletzt bearbeitet 31.10.2025 18:39:56

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.

8.6

CVE-2025-62643

Medienbericht Exploit
  • EPSS 0.03%
  • Veröffentlicht 17.10.2025 00:00:00
  • Zuletzt bearbeitet 31.10.2025 18:32:49

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.

7.7

CVE-2025-62644

Medienbericht Exploit
  • EPSS 0.06%
  • Veröffentlicht 17.10.2025 00:00:00
  • Zuletzt bearbeitet 31.10.2025 18:30:33

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users.

9.9

CVE-2025-62645

Medienbericht Exploit
  • EPSS 0.31%
  • Veröffentlicht 17.10.2025 00:00:00
  • Zuletzt bearbeitet 04.11.2025 15:13:52

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.

7.7

CVE-2025-62646

Medienbericht Exploit
  • EPSS 0.09%
  • Veröffentlicht 17.10.2025 00:00:00
  • Zuletzt bearbeitet 31.10.2025 18:36:44

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.

5.8

CVE-2025-62647

Medienbericht Exploit
  • EPSS 0.06%
  • Veröffentlicht 17.10.2025 00:00:00
  • Zuletzt bearbeitet 31.10.2025 18:39:42

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path.

5.8

CVE-2025-62648

Medienbericht Exploit
  • EPSS 0.09%
  • Veröffentlicht 17.10.2025 00:00:00
  • Zuletzt bearbeitet 31.10.2025 18:39:34

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.

5.8

CVE-2025-62649

Medienbericht Exploit
  • EPSS 0.29%
  • Veröffentlicht 17.10.2025 00:00:00
  • Zuletzt bearbeitet 06.11.2025 22:20:53

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.

9.9

CVE-2025-62650

Medienbericht
  • EPSS 0.12%
  • Veröffentlicht 17.10.2025 00:00:00
  • Zuletzt bearbeitet 31.10.2025 18:39:28

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.

5.8

CVE-2025-62651

Medienbericht Exploit
  • EPSS 0.07%
  • Veröffentlicht 17.10.2025 00:00:00
  • Zuletzt bearbeitet 31.10.2025 18:40:20

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.