The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 18 Oct 2025 00:00:00 +0000

Type Values Removed Values Added
References

Fri, 17 Oct 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 17 Oct 2025 20:45:00 +0000

Type Values Removed Values Added
Description The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-10-17T23:54:34.514Z

Reserved: 2025-10-17T00:00:00.000Z

Link: CVE-2025-62642

cve-icon Vulnrichment

Updated: 2025-10-17T20:48:32.674Z

cve-icon NVD

Status : Received

Published: 2025-10-17T21:15:36.940

Modified: 2025-10-18T00:15:35.063

Link: CVE-2025-62642

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.