CVE-2025-67780
MEDIUM
SpaceX Starlink Dish - Unauthenticated RCE
Title source: llm
Description
SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 (e.g., on Mini1_prod2) allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker's ability to read tilt, rotation, and elevation data via gRPC can make it easier to infer the geographical location of the dish.
Exploits (1)
nomisec
WORKING POC
by SteveAkawLabs · poc
https://github.com/SteveAkawLabs/MARMALADE-2-CVE-2025-67780-Exploit
Scores
CVSS v3
4.2
EPSS
0.0003
EPSS Percentile
8.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Details
CWE
CWE-306
Status
published
Products (1)
SpaceX/Starlink Dish
2024.12.04.mr46620 - 21.08.24
Published
Dec 11, 2025
Tracked Since
Feb 18, 2026