Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with notable achievements in cybersecurity research. A total of $695,000 has been awarded for 39 unique zero-day vulnerabilities, with the final day scheduled for Saturday, May 17.
Day One: Major Exploits and AI Category Debut
On May 15, the competition commenced with 11 exploit attempts, including the first-ever AI category. Researchers earned $260,000 for successful demonstrations across various platforms.
Key Highlights:
- Windows 11: Chen Le Qi of STAR Labs SG combined a use-after-free and integer overflow to escalate privileges to SYSTEM, earning $30,000 and 3 Master of Pwn points.
- Red Hat Linux: Pumpkin from the DEVCORE Research Team exploited an integer overflow for privilege escalation, securing $20,000 and 2 points.
- Oracle VirtualBox: Team Prison Break achieved a virtual machine escape through an integer overflow, receiving $40,000 and 4 points.
- Docker Desktop: Billy and Ramdhan of STAR Labs demonstrated a container escape using a Linux kernel vulnerability, earning $60,000 and 6 points.
- AI Category: Sina Kheirkhah of Summoning Team exploited the Chroma AI application database, marking the first success in this category and earning $20,000 and 2 points.
Additional awards were given for other successful exploits, including a type confusion bug in Windows 11 by Hyeonjin Choi of Out Of Bounds, who earned $15,000 and 3 points.
Day Two: Continued Success and High-Value Exploits
The second day, May 16, saw researchers uncovering 20 unique zero-day vulnerabilities, resulting in $435,000 in awards.
- Microsoft SharePoint: Dinh Ho Anh Khoa of Viettel Cyber Security combined an authentication bypass and insecure deserialization to exploit SharePoint, earning $100,000 and 10 points.
- VMware ESXi: Synacktiv demonstrated a successful exploit, securing $80,000 and 8 points.
- NVIDIA Triton Inference Server: Mohand Acherir and Patrick Ventuzelo of FuzzingLabs earned $15,000 and 1.5 points for their exploit, which was a known but unpatched vulnerability.
Other successful exploits included attacks on Firefox, Redis, and additional AI systems.
SecurityWeek
Wrapping up Day Two of #Pwn2Own Berlin 2025. We’ve awarded $695,000 for 20 unique 0-days, with another day to go! pic.twitter.com/x2oBfaSfKS
— Trend Zero Day Initiative (@thezdi) May 16, 2025
Day Three: Expected Final Challenges
The final day, Saturday, May 17, is expected to feature the remaining scheduled attempts, including further AI category exploits and other high-profile targets. With $695,000 already awarded, the total prize pool is projected to surpass $1,000,000.
Master of Pwn Standings
As of the end of Day Two, STAR Labs SG leads the Master of Pwn standings, having demonstrated multiple successful exploits across various categories. The final standings will be determined after the conclusion of Day Three.
Pwn2Own Berlin 2025 has showcased the growing challenges in cybersecurity, highlighting the importance of proactive vulnerability research. The introduction of the AI category reflects the growing focus on securing emerging technologies.
Note: The above information is based on the latest available data from the Pwn2Own Berlin 2025 event. For detailed results and updates, refer to the Zero Day Initiative’s official blog.