Unauthenticated Remote Access Vulnerability in SpaceX Starlink Dish Devices
CVE-2025-67780

4.2MEDIUM

Key Information:

Vendor: Spacex
Status: Starlink Dish
Vendor: CVE Published:; 11 December 2025

What is CVE-2025-67780?

SpaceX Starlink Dish devices running firmware version 2024.12.04.mr46620 are susceptible to a serious security vulnerability that allows an attacker to perform administrative actions via unauthenticated Local Area Network (LAN) gRPC requests. By bypassing the standard cross-origin policy through the omission of a Referer header, an attacker could exploit this flaw to manipulate device settings. Additionally, the ability to access tilt, rotation, and elevation data can enable attackers to derive the geographic location of the dish, posing a significant privacy and security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Starlink Dish 2024.12.04.mr46620 < 21.08.24

References

https://www.akawlabs.com/blog/starlink-grpc-execution

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Dec 11, 2025

JSON

Spacex

What is CVE-2025-67780?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.