Primary

Context

Restaurant Brands International Assistant Platform Global Store Directory Information Sharing Vulnerability

Vulnerability

A vulnerability exists in the Restaurant Brands International (RBI) assistant platform's Global Store Directory, which, through September 6, 2025, improperly shares personal information among authenticated users. This issue affects the platforms of Burger King, Tim Hortons, and Popeyes, all managed under RBI.

Impact

Exploitation of this vulnerability allows authenticated users to access and share personal information, including voice recordings of drive-thru orders, which may contain background conversations and personally identifiable information.

Remediation

RBI has reportedly fixed these vulnerabilities, but details on the specific remediation steps are not available.

Added: Oct 17, 2025, 9:22 PM

Updated: Oct 18, 2025, 1:23 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.6

exploitability

6.6

remediation

0.0

relevance

0.8

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.6

exploitability

6.6

remediation

0.0

relevance

0.8

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Restaurant Brands International Assistant Platform Global Store Directory Information Sharing Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating