SpaceX Starlink Dish Unauthenticated LAN gRPC Access (CVE-2025-67780)

December 12, 2025 Jason Davies 1222 Views 0 Comments CVE-2025-67780, Cyber Security, SpaceX, SpaceX Starlink 0 min read

CVE number -= CVE-2025-67780

SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 (e.g., on Mini1_prod2) allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2.

The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker’s ability to read tilt, rotation, and elevation data via gRPC can make it easier to infer the geographical location of the dish.

Further information = https://www.akawlabs.com/blog/starlink-grpc-execution

Jason Davies

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.

SpaceX Starlink Dish Unauthenticated LAN gRPC Access (CVE-2025-67780)

Like this:

Related Posts

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Leave a ReplyCancel reply