CVE-2025-62650
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-17

Last updated on: 2025-10-31

Assigner: MITRE

Description
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-17
Last Modified
2025-10-31
Generated
2026-06-16
AI Q&A
2025-10-17
EPSS Evaluated
2026-06-14
NVD
CVE-2025-62650
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rbi restaurant_brands_international_assistant to 2025-09-06 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-603 A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Restaurant Brands International (RBI) assistant platform up to version 2025-09-06, where it relies on client-side authentication for accessing the diagnostic screen. This means that the authentication process is handled on the user's device rather than securely on the server, potentially allowing unauthorized users to bypass authentication controls.

Impact Analysis

Because the platform relies on client-side authentication for the diagnostic screen, an attacker could exploit this to gain unauthorized access, leading to potential information disclosure, modification, or disruption of service. The CVSS score indicates a high severity with impacts on confidentiality, integrity, and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62650. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart