CVE Catalog

CVE-2025-67780

MediumCVSS 4.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 allow unauthenticated LAN gRPC requests, enabling administrative actions. The cross-origin policy can be bypassed by omitting a Referer header. An attacker can read tilt, rotation, and elevation data, making it easier to infer the dish's geographical location.

Risk Assessment

The risk involves unauthorized access to administrative functions and potential leakage of location data, which could compromise privacy and physical security.

Recommendation

It is recommended to update the firmware to the latest version and restrict access to gRPC ports (9201) on the LAN using a firewall or network segmentation.

Original NVD description (English source)

SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 (e.g., on Mini1_prod2) allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker's ability to read tilt, rotation, and elevation data via gRPC can make it easier to infer the geographical location of the dish. NOTE: this is disputed by the Supplier because unauthenticated LAN gRPC is intended behavior for certain mobile app integration, and because the cross-origin policy is correctly enforced for gRPC-Web (port 9201), i.e., it is not a valid vulnerability report.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS