CVE-2025-67780

MEDIUM

SpaceX Starlink Dish - Unauthenticated RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-67780. PoCs published by SteveAkawLabs.

AI-analyzed exploit summary The repository contains a functional PowerShell script that exploits CVE-2025-67780, a vulnerability in Starlink Dishes allowing unauthenticated reboot via crafted gRPC commands. The PoC sends a specific binary payload to trigger a denial-of-service by forcing a reboot.

Description

SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 (e.g., on Mini1_prod2) allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker's ability to read tilt, rotation, and elevation data via gRPC can make it easier to infer the geographical location of the dish.

Exploits (1)

nomisec WORKING POC
by SteveAkawLabs · poc
https://github.com/SteveAkawLabs/MARMALADE-2-CVE-2025-67780-Exploit

The repository contains a functional PowerShell script that exploits CVE-2025-67780, a vulnerability in Starlink Dishes allowing unauthenticated reboot via crafted gRPC commands. The PoC sends a specific binary payload to trigger a denial-of-service by forcing a reboot.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Starlink Dish (MARMALADE 2)
No auth needed
Prerequisites: Local network access to the Starlink Dish · Dish reachable at hardcoded IP 192.168.100.1 on port 9201
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 4.2
EPSS 0.0013
EPSS Percentile 3.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-306
Status published
Products (1)
SpaceX/Starlink Dish 2024.12.04.mr46620 - 21.08.24
Published Dec 11, 2025
Tracked Since Feb 18, 2026