CVE-2025-62650

critical

Description

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.

References

Advisories
More

https://www.yahoo.com/news/articles/burger-king-hacked-attackers-impressed-124154038.html

https://www.malwarebytes.com/blog/news/2025/09/popeyes-tim-hortons-burger-king-platforms-have-catastrophic-vulnerabilities-say-hackers

https://archive.today/fMYQp

https://web.archive.org/web/20250906134240/https:/bobdahacker.com/blog/rbi-hacked-drive-thrus

https://bobdahacker.com/blog/rbi-hacked-drive-thrus/

Details

Source: Mitre, NVD

Published: 2025-10-17

Updated: 2025-10-31

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.9

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Severity: Critical

EPSS

EPSS: 0.0007

Detections

Analytics