Restaurant Brands International Drive-Thru Audio Vulnerability

Vulnerability

A vulnerability in the Restaurant Brands International (RBI) assistant platform, present through September 6, 2025, allows remote attackers to manipulate the audio volume of drive-thru speakers. The issue arises from improperly configured user sign-up options in AWS Cognito, which were exploited to gain unauthorized access to sensitive functionality and data across RBI's brand platforms, including Burger King, Tim Hortons, and Popeyes.
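A configuration audit for this class of issue, as an added example that is not part of the original advisory or RBI's code. It assumes the "improperly configured sign-up options" correspond to self-registration left open on a pool meant for internal users (the advisory does not name the exact setting); the pool names, ids and the internal-pool list are constructed.

```python
import json

# Constructed sample: trimmed `aws cognito-idp describe-user-pool` responses.
# Pool ids, names and the Lambda ARN are made up for this example.
SAMPLE_POOLS = json.loads("""
[
  {"UserPool": {"Id": "us-east-1_EXAMPLE01", "Name": "staff-portal",
    "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": false},
    "AutoVerifiedAttributes": [],
    "LambdaConfig": {}}},
  {"UserPool": {"Id": "us-east-1_EXAMPLE02", "Name": "customer-app",
    "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": false},
    "AutoVerifiedAttributes": ["email"],
    "LambdaConfig": {"PreSignUp":
      "arn:aws:lambda:us-east-1:111122223333:function:gate-signup"}}},
  {"UserPool": {"Id": "us-east-1_EXAMPLE03", "Name": "ops-console",
    "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": true},
    "AutoVerifiedAttributes": ["email"],
    "LambdaConfig": {}}}
]
""")

def audit_pool(resp, internal_only):
    """Return findings for one describe-user-pool response."""
    pool = resp["UserPool"]
    admin_cfg = pool.get("AdminCreateUserConfig", {})
    # Assumption for this audit: a missing or false flag means anyone who can
    # reach the pool's app client may register an account.
    if admin_cfg.get("AllowAdminCreateUserOnly", False):
        return []
    findings = []
    if internal_only:
        findings.append("HIGH: self sign-up enabled on an internal-only pool")
    if not pool.get("LambdaConfig", {}).get("PreSignUp"):
        findings.append("MEDIUM: no PreSignUp trigger restricting who may register")
    if not pool.get("AutoVerifiedAttributes"):
        findings.append("MEDIUM: no email or phone verification on sign-up")
    return findings

def audit(pools, internal_names):
    """Map pool name -> findings; internal_names lists pools not meant for the public."""
    return {r["UserPool"]["Name"]:
            audit_pool(r, r["UserPool"]["Name"] in internal_names) for r in pools}

if __name__ == "__main__":
    for name, found in audit(SAMPLE_POOLS, {"staff-portal", "ops-console"}).items():
        print(name, found or ["OK"])
```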

Impact

Exploitation of this vulnerability allows unauthorized adjustment of drive-thru speaker audio levels, potentially disrupting service and customer experience.

Added: Oct 17, 2025, 9:19 PM
Updated: Oct 18, 2025, 1:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.6
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.