Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-62649
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
CVSS Score
5.8
EPSS Score
0.002
Published
2025-10-17
CVE-2025-62650
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
CVSS Score
8.3
EPSS Score
0.001
Published
2025-10-17
CVE-2025-62651
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-17
CVE-2025-62643
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.
CVSS Score
3.4
EPSS Score
0.0
Published
2025-10-17
CVE-2025-62644
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users.
CVSS Score
5.0
EPSS Score
0.0
Published
2025-10-17
CVE-2025-62645
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.
CVSS Score
9.9
EPSS Score
0.002
Published
2025-10-17
CVE-2025-62646
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.
CVSS Score
5.0
EPSS Score
0.001
Published
2025-10-17
CVE-2025-62647
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path.
CVSS Score
5.0
EPSS Score
0.0
Published
2025-10-17
CVE-2025-62648
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.
CVSS Score
6.4
EPSS Score
0.001
Published
2025-10-17
CVE-2025-62642
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.
CVSS Score
5.8
EPSS Score
0.0
Published
2025-10-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved