Pwn2Own Berlin 2025: Over $1 Million Awarded for Groundbreaking Cybersecurity Exploits

TL;DR

The Pwn2Own Berlin 2025 event concluded with a total of $1,078,750 in prize money awarded over three days. Participants demonstrated 28 unique zero-day exploits across various products, including VMware, Windows, and NVIDIA. STAR Labs SG won the “Master of Pwn” title with $320,000 and 35 points.

Pwn2Own Berlin 2025 Concludes with $1,078,750 in Prize Money

The final day of Pwn2Own Berlin 2025 saw participants earn $383,750, bringing the total prize money to $1,078,750 over the three-day event. Contestants showcased zero-day vulnerabilities in VMware Workstation, ESXi, Windows, NVIDIA, and Firefox, with a significant focus on AI category exploits.

Highlights of the Final Day

  • STAR Labs SG emerged as the winner of the “Master of Pwn” title, securing $320,000 and 35 points.
  • Corentin BAYET from Reverse_Tactics exploited ESXi using two bugs, earning $112,500 and 11.5 points.
  • Thomas Bouzerar and Etienne Helluy-Lafont from Synacktiv demonstrated a heap-based buffer overflow in VMware Workstation, winning $80,000 and 8 points.
  • Dung and Nguyen from STAR Labs exploited a TOCTOU race condition and a Windows privilege escalation flaw, earning $70,000 and 9 points.
  • Miloš Ivanović used a race condition to gain SYSTEM privileges on Windows 11, securing $15,000 and 3 points.

Detailed Exploits and Achievements

  • Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics exploited ESXi using two bugs; one overlapped with a prior entry, causing a COLLISION. However, his unique integer overflow earned him $112,500 and 11.5 points.
  • Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv exploited VMware Workstation with a heap-based buffer overflow, earning $80,000 and 8 Master of Pwn points.
  • Dung and Nguyen (@MochiNishimiya) from STAR Labs exploited a TOCTOU race condition to escape the VM and an array index validation flaw for Windows privilege escalation, earning $70,000 and 9 points.
  • Miloš Ivanović (infosec.exchange/@ynwarcs) used a race condition to gain SYSTEM privileges on Windows 11, earning $15,000 and 3 Master of Pwn points.

Event Overview

Pwn2Own Berlin 2025 marked the first time the competition included an AI category, adding a new dimension to the event. The full list of hacking attempts made during the event is available here.

Conclusion

Pwn2Own Berlin 2025 showcased the cutting edge of cybersecurity research, with participants demonstrating critical vulnerabilities in widely used software. The event underscored the importance of continuous security testing and the role of ethical hacking in enhancing digital security.

For more details, visit the full article: source

This post is licensed under CC BY 4.0 by the author.