CVE-2025-67780: CWE-306 Missing Authentication for Critical Function in SpaceX Starlink Dish
SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 (e.g., on Mini1_prod2) allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker's ability to read tilt, rotation, and elevation data via gRPC can make it easier to infer the geographical location of the dish.
CVE-2025-67780: CWE-306 Missing Authentication for Critical Function in SpaceX Starlink Dish
Description
SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 (e.g., on Mini1_prod2) allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker's ability to read tilt, rotation, and elevation data via gRPC can make it easier to infer the geographical location of the dish.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-12-11T23:05:43.880Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 693b524b8a7c12acf2bed11d
Added to database: 12/11/2025, 11:22:51 PM
Last updated: 12/11/2025, 11:23:01 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-66452: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in danny-avila LibreChat
MediumCVE-2025-66451: CWE-20: Improper Input Validation in danny-avila LibreChat
MediumCVE-2025-66588: CWE-824 Access of Uninitialized Pointer in AzeoTech DAQFactory
HighCVE-2025-66587: CWE-122 Heap-based Buffer Overflow in AzeoTech DAQFactory
HighCVE-2025-66586: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in AzeoTech DAQFactory
HighActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.