74 matches found
Restaurant Brands International assistant platform multiple vulnerabilities
RISK EVALUATION Restaurant Brands International assistant platform is used to manage restaurants owned by RBI. Multiple vulnerabilities were found in the assistant platform. The most severe vulnerabilities chained together could allow a remote, unauthenticated attacker to create an account and...
CVE-2025-62642
The Restaurant Brands International RBI assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account...
CVE-2025-62648
The Restaurant Brands International RBI assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume...
CVE-2025-62644
The Restaurant Brands International RBI assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users...
CVE-2025-62651
The Restaurant Brands International RBI assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface...
CVE-2025-62647
The Restaurant Brands International RBI assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path...
CVE-2025-62649
The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders...
CVE-2025-62646
The Restaurant Brands International RBI assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers...
CVE-2025-62643
The Restaurant Brands International RBI assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages...
CVE-2025-62650
The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...
CVE-2025-62651
The Restaurant Brands International RBI assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface...
CVE-2025-62649
The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders...
CVE-2025-62651
The Restaurant Brands International RBI assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface...
CVE-2025-62650
The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...
CVE-2025-62649
The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders...
CVE-2025-62646
The Restaurant Brands International RBI assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers...
CVE-2025-62643
The Restaurant Brands International RBI assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages...
CVE-2025-62644
The Restaurant Brands International RBI assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users...
CVE-2025-62645
The Restaurant Brands International RBI assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation...
CVE-2025-62648
The Restaurant Brands International RBI assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume...