How severe is CVE-2025-62649?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Vulnerability in Restaurant Brands International Assistant Platform

CVE-2025-62649

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.

EPSS: 0.001 (28.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N.

Affected products

Restaurant Brands International Assistant Platform — versions 0

Weakness classification (CWE)

CWE-603

References

www.yahoo.com/news/articles/burger-king-hacked-attackers-impressed-124154038.ht…
www.malwarebytes.com/blog/news/2025/09/popeyes-tim-hortons-burger-king-platform…
web.archive.org/web/20250906134240/https:/bobdahacker.com/blog/rbi-hacked-drive…
bobdahacker.com/blog/rbi-hacked-drive-thrus/
archive.today/fMYQp

Frequently asked questions

What is CVE-2025-62649?: CVE-2025-62649 is a medium-severity vulnerability in Restaurant Brands International Assistant Platform, classified under CWE-603. CVSS score: 5.8/10. Published 2025-10-17.
How severe is CVE-2025-62649?: Medium severity. CVSS v3 base score is 5.8 out of 10.