CVE-2025-62651
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-31
Assigner: MITRE
Description
Description
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rbi | restaurant_brands_international_assistant | to 2025-09-06 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Restaurant Brands International (RBI) assistant platform exists because it does not implement access control for the bathroom rating interface. This means that anyone can access and potentially manipulate the bathroom rating feature without restrictions.
How can this vulnerability impact me? :
The lack of access control could allow unauthorized users to view or alter bathroom ratings, potentially leading to inaccurate or misleading information. This could harm the reputation of the business or cause operational issues related to customer experience.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70