How severe is CVE-2025-62650?

High severity. CVSS v3 base score is 8.3 out of 10.

Vulnerability in Restaurant Brands International Assistant Platform

CVE-2025-62650

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.

EPSS: 0.001 (27.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L.

Affected products

Restaurant Brands International Assistant Platform — versions 0

Weakness classification (CWE)

CWE-603

References

www.yahoo.com/news/articles/burger-king-hacked-attackers-impressed-124154038.ht…
www.malwarebytes.com/blog/news/2025/09/popeyes-tim-hortons-burger-king-platform…
web.archive.org/web/20250906134240/https:/bobdahacker.com/blog/rbi-hacked-drive…
bobdahacker.com/blog/rbi-hacked-drive-thrus/
archive.today/fMYQp

Frequently asked questions

What is CVE-2025-62650?: CVE-2025-62650 is a high-severity vulnerability in Restaurant Brands International Assistant Platform, classified under CWE-603. CVSS score: 8.3/10. Published 2025-10-17.
How severe is CVE-2025-62650?: High severity. CVSS v3 base score is 8.3 out of 10.