CVE-2025-67780
📋 TL;DR
This vulnerability allows unauthenticated attackers on the same local network as a Starlink Dish to execute administrative actions via gRPC requests by bypassing cross-origin protections. Attackers can also read dish orientation data which could help infer the dish's geographical location. Affected users are those with Starlink Dish devices running vulnerable firmware on their local networks.
💻 Affected Systems
- SpaceX Starlink Dish
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine whether your system is affected.
Why? The CVE database entry does not specify which versions are vulnerable (no version ranges were provided by the vendor or NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could gain administrative control over the dish, potentially disrupting service, modifying configurations, or using orientation data to physically locate the device.
Likely Case
Local network attackers can execute unauthorized administrative commands and collect dish positioning data that reveals approximate location information.
If Mitigated
With proper network segmentation and access controls, the attack surface is limited to authorized local network segments only.
🎯 Exploit Status
Public research demonstrates exploitation via gRPC requests without authentication. Attack requires network access and knowledge of gRPC endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: UNKNOWN
Vendor Advisory: NONE_KNOWN
Restart Required: No
Instructions:
1. Monitor SpaceX/Starlink for firmware updates.
2. When an update is available, install it through the official Starlink app.
3. Verify the firmware version after the update.
🔧 Temporary Workarounds
Network Segmentation
Isolate the Starlink Dish on a separate VLAN or network segment so that only trusted devices can reach it.
Firewall Rules
Block access to the dish's gRPC port (typically 9200) from untrusted network segments.
🧯 If You Can't Patch
- Segment dish network from general user networks
- Monitor network traffic for gRPC requests to dish from unauthorized sources
🔍 How to Verify
Check if Vulnerable:
Check the dish firmware version in the Starlink app. If the version is 2024.12.04.mr46620 or similar, the device is vulnerable.
Check Version:
Check via the Starlink mobile app: Settings > Advanced > Debug Data, then look for 'dishSwVersion'.
Verify Fix Applied:
Verify that the firmware has been updated to a version newer than 2024.12.04.mr46620.
📡 Detection & Monitoring
Log Indicators:
- Unusual gRPC requests to dish on port 9200
- Multiple failed authentication attempts to dish services
Network Indicators:
- gRPC traffic to dish from unauthorized IP addresses
- HTTP requests without Referer headers to dish endpoints
SIEM Query:
source_ip NOT IN (trusted_ips) AND dest_port=9200 AND protocol=gRPC
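As an added example (not from this advisory or from Starlink), the detection logic above carried into runnable Python: it flags requests to the dish gRPC port from outside an assumed trusted range, and requests to that port that arrive without a Referer header, over a few constructed sample records. The trusted range, the record layout and the sample values are assumptions.

```python
import ipaddress

# Constructed sample request records (not captured traffic); a flow or proxy
# log exported as dicts would look similar. An empty referer means the header
# was absent from the request.
SAMPLE_RECORDS = [
    {"src": "192.168.1.20", "dport": 9200, "proto": "grpc", "referer": "http://192.168.100.1/"},
    {"src": "192.168.1.77", "dport": 9200, "proto": "grpc", "referer": ""},
    {"src": "10.0.5.9",     "dport": 9200, "proto": "grpc", "referer": "http://192.168.100.1/"},
    {"src": "192.168.1.20", "dport": 443,  "proto": "https", "referer": ""},
]

# Assumed trusted management segment; replace with your own ranges.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
DISH_GRPC_PORT = 9200  # port named in the advisory's detection guidance


def is_trusted(src, trusted_nets=TRUSTED_NETS):
    """True when the source address falls inside any trusted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparsable source is never trusted
    return any(addr in net for net in trusted_nets)


def classify(record, trusted_nets=TRUSTED_NETS):
    """Return the reasons a single record should alert (empty list = benign)."""
    reasons = []
    if record.get("dport") != DISH_GRPC_PORT:
        return reasons  # only requests to the dish gRPC port are in scope
    if not is_trusted(record.get("src", ""), trusted_nets):
        reasons.append("untrusted_source")
    if record.get("proto") in ("grpc", "http") and not record.get("referer"):
        reasons.append("missing_referer")
    return reasons


def find_alerts(records, trusted_nets=TRUSTED_NETS):
    """Run classify over every record and keep only those that raised a reason."""
    alerts = []
    for rec in records:
        reasons = classify(rec, trusted_nets)
        if reasons:
            alerts.append({"src": rec["src"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_RECORDS):
        print(alert)
```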