CVE-2025-67780 identifies a missing authentication vulnerability (CWE-306) in SpaceX Starlink Dish devices running firmware 2024.12.04.mr46620, notably on models like Mini1_prod2. The vulnerability arises because the device's LAN gRPC interface accepts administrative commands without requiring authentication, allowing any attacker with local network access to perform critical functions. The cross-origin resource sharing (CORS) policy can be bypassed by omitting the Referer header, enabling unauthorized web-based requests. This lack of authentication on critical functions exposes the device to potential unauthorized configuration changes, which could disrupt service or degrade device integrity. Furthermore, the vulnerability permits attackers to read sensor data such as tilt, rotation, and elevation through gRPC calls. This information leakage can assist attackers in geolocating the physical position of the Starlink dish, potentially compromising user privacy and security. The vulnerability has a CVSS 3.1 base score of 4.2, reflecting medium severity with low confidentiality impact but some availability impact due to possible administrative misuse. Exploitation requires local network access (AV:A), high attack complexity (AC:H), no privileges (PR:N), and no user interaction (UI:N). No public exploits or active exploitation have been reported to date. The absence of authentication on critical functions represents a significant security design flaw that SpaceX will need to address in future firmware updates.

For European organizations, the vulnerability poses a risk primarily to confidentiality and availability. Unauthorized administrative access could allow attackers to alter device configurations, potentially disrupting internet connectivity reliant on Starlink dishes. This is particularly concerning for critical infrastructure, emergency services, and remote operations that depend on Starlink for reliable communication. The ability to infer geographic location from sensor data may expose sensitive operational locations or user privacy, which could have implications for organizations handling confidential or classified information. Although exploitation requires local network access, environments with less secure LAN segmentation or shared networks increase risk. The medium CVSS score reflects moderate impact, but the strategic importance of uninterrupted satellite internet for remote or underserved areas in Europe elevates the operational risk. The lack of known exploits reduces immediate threat but does not eliminate future risk, especially if attackers develop tools to leverage this vulnerability.

European organizations using Starlink dishes should implement strict network segmentation to isolate Starlink devices from general user networks, minimizing local network exposure. Employ network access controls such as MAC filtering and VLANs to restrict LAN access to trusted administrators only. Monitor network traffic for unusual gRPC requests or unauthorized administrative commands targeting Starlink devices. Disable or restrict LAN gRPC interfaces if possible until a firmware patch is available. Engage with SpaceX support channels to obtain updates or advisories and apply firmware updates promptly once released. Consider physical security controls to prevent unauthorized local network access near Starlink hardware. For organizations with sensitive deployments, conduct regular security audits and penetration tests focusing on satellite communication infrastructure. Document and enforce policies for device management and incident response related to Starlink equipment. Finally, maintain awareness of threat intelligence updates concerning this vulnerability and related exploits.