Rbi Restaurant_brands_international_assistant

10 CVEs affecting Rbi Restaurant_brands_international_assistant. Latest disclosed: 2025-10-17. Critical: 1, High: 1.

Top CVEs affecting Rbi Restaurant_brands_international_assistant
CVESeverityScorePublishedSummary
CVE-2025-62645Critical9.92025-10-17The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative pr…
CVE-2025-62650High8.32025-10-17The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
CVE-2025-62651Medium6.52025-10-17The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
CVE-2025-62648Medium6.42025-10-17The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.
CVE-2025-62649Medium5.82025-10-17The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
CVE-2025-62642Medium5.82025-10-17The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user accoun…
CVE-2025-62647Medium5.02025-10-17The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API t…
CVE-2025-62646Medium5.02025-10-17The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between ass…
CVE-2025-62644Medium5.02025-10-17The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticat…
CVE-2025-62643Low3.42025-10-17The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.