Pwn2own Berlin 2025: Windows 11, Vmware, Firefox And Others Hacked

The opening of Pwn2Own Berlin 2025, hosted astatine nan OffensiveCon conference, has concluded its first 2 days pinch notable achievements successful cybersecurity research. A full of $695,000 has been awarded for 39 unsocial zero-day vulnerabilities, pinch nan last time scheduled for Saturday, May 17.

Day One: Major Exploits and AI Category Debut

On May 15, nan title commenced pinch 11 utilization attempts, including nan first-ever AI category. Researchers earned $260,000 for successful demonstrations crossed various platforms.

Key Highlights:

• Windows 11: Chen Le Qi of STAR Labs SG mixed a use-after-free and integer overflow to escalate privileges to SYSTEM, earning $30,000 and 3 Master of Pwn points.

• Red Hat Linux: Pumpkin from nan DEVCORE Research Team exploited an integer overflow for privilege escalation, securing $20,000 and 2 points.

• Oracle VirtualBox: Team Prison Break achieved a virtual instrumentality flight via an integer overflow, receiving $40,000 and 4 points.

• Docker Desktop: Billy and Ramdhan of STAR Labs demonstrated a instrumentality flight utilizing a Linux kernel vulnerability, earning $60,000 and 6 points.

• AI Category: Sina Kheirkhah of Summoning Team exploited nan Chroma AI exertion database, marking nan first occurrence successful this class and earning $20,000 and 2 points.

Additional awards were fixed for different successful exploits, including a type disorder bug successful Windows 11 by Hyeonjin Choi of Out Of Bounds, who earned $15,000 and 3 points.

Day Two: Continued Success and High-Value Exploits

The 2nd day, May 16, saw researchers uncovering 20 unsocial zero-day vulnerabilities, resulting successful $435,000 successful awards.

• Microsoft SharePoint: Dinh Ho Anh Khoa of Viettel Cyber Security mixed an authentication bypass and insecure deserialization to utilization SharePoint, earning $100,000 and 10 points.

• VMware ESXi: Synacktiv demonstrated a successful exploit, securing $80,000 and 8 points.

• NVIDIA Triton Inference Server: Mohand Acherir and Patrick Ventuzelo of FuzzingLabs earned $15,000 and 1.5 points for their exploit, which was a known but unpatched vulnerability.

Other successful exploits included attacks connected Firefox, Redis, and further AI systems.
SecurityWeek

Wrapping up Day Two of #Pwn2Own Berlin 2025. We’ve awarded $695,000 for 20 unsocial 0-days, pinch 1 much time to go! pic.twitter.com/x2oBfaSfKS

Day Three: Anticipated Final Challenges

The last day, Saturday, May 17, is expected to characteristic remaining scheduled attempts, including further AI class exploits and different high-profile targets. With $695,000 already awarded, nan full prize excavation is projected to surpass $1,000,000.

Master of Pwn Standings

As of nan extremity of Day Two, STAR Labs SG leads nan Master of Pwn standings, having demonstrated aggregate successful exploits crossed various categories. The last standings will beryllium wished aft nan conclusion of Day Three.

Pwn2Own Berlin 2025 has showcased nan increasing challenges successful cybersecurity, highlighting nan value of proactive vulnerability research. The preamble of nan AI class reflects nan increasing attraction connected securing emerging technologies.

Note: The supra accusation is based connected nan latest disposable information from nan Pwn2Own Berlin 2025 event. For elaborate results and updates, mention to nan Zero Day Initiative’s official blog.