

Ethical Hacking News

Hackers Exploit Zero-Day Bugs in Enterprise Software at Pwn2Own Berlin 2025



Pwn2Own Berlin 2025 highlights the ongoing threat landscape in the enterprise technology sector, with hackers exploiting zero-day bugs in multiple software products. The event showcases the importance of collaboration between security researchers and vendors in identifying and mitigating vulnerabilities.

  • Pwn2Own Berlin 2025 has concluded its second day, with hackers successfully exploiting multiple zero-day bugs.
  • $695,000 was earned by competitors after demonstrating 20 unique zero-day bugs over two days.
  • A new AI category was introduced, allowing security researchers to earn rewards for discovering vulnerabilities using artificial intelligence.
  • Winners included Nguyen Hoang Thach ($150,000) and Dinh Ho Anh Khoa ($100,000).
  • Zero-day bugs were exploited in various enterprise technologies, including Microsoft SharePoint and VMware ESXi.
  • The competition highlights the ongoing threat landscape in the enterprise technology sector.
  • Vendors must patch and address zero-day vulnerabilities within a 90-day timeline after exploitation is disclosed during the contest.



    Pwn2Own Berlin 2025, a premier hacking competition that brings together top security researchers and enterprises to demonstrate and discover zero-day vulnerabilities in various software products, has recently concluded its second day. During this event, hackers successfully exploited multiple zero-day bugs in enterprise technologies, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox.

    The competition took place during the OffensiveCon conference between May 15th and 17th, 2025. Competitors earned a total of $695,000 after demonstrating 20 unique zero-day bugs over the course of two days. The event introduced an AI category for the first time, allowing security researchers to earn rewards for discovering vulnerabilities in software products using artificial intelligence.

    The highlights of the competition included Nguyen Hoang Thach of STAR Labs SG successfully exploiting a zero-day bug in VMware ESXi and earning $150,000. Dinh Ho Anh Khoa of Viettel Cyber Security earned $100,000 after leveraging an exploit chain combining an authentication bypass and an insecure deserialization flaw to hack Microsoft SharePoint.

    Meanwhile, competitors Edouard Bochin and Tao Yan from Palo Alto Networks demonstrated an out-of-bounds write zero-day in Mozilla Firefox, while Gerrard Tai of STAR Labs SG escalated privileges to root on Red Hat Enterprise Linux using a use-after-free bug. Viettel Cyber Security successfully used another out-of-bounds write for an Oracle VirtualBox guest-to-host escape.

    In the AI category, Wiz Research security researchers used a use-after-free zero-day to exploit Redis, and Qrious Secure chained four security flaws to hack Nvidia's Triton Inference Server. The competition also saw hackers exploiting zero-day vulnerabilities in Windows 11, Red Hat Linux, and Oracle VirtualBox on the first day.

    The Pwn2Own Berlin 2025 event highlights the ongoing threat landscape in the enterprise technology sector, where hackers continue to exploit zero-day bugs to gain unauthorized access to sensitive systems. As the competition progresses, it is clear that security researchers are playing a critical role in identifying and mitigating these vulnerabilities.

    Furthermore, the event showcases the importance of collaboration between security researchers and vendors in patching and addressing zero-day vulnerabilities. The 90-day timeline for vendors to release security fixes after zero-day exploits are disclosed during the Pwn2Own contest serves as a reminder of the need for proactive measures to protect against emerging threats.

    The discovery of zero-day bugs in enterprise software products, such as Microsoft SharePoint and VMware ESXi, underscores the importance of regular vulnerability assessments and penetration testing. By identifying and addressing these vulnerabilities proactively, organizations can minimize their exposure to potential security breaches.

    In conclusion, Pwn2Own Berlin 2025 has demonstrated once again the significance of zero-day exploits in the enterprise technology sector. As security researchers continue to identify and exploit vulnerabilities in software products, it is crucial for vendors and organizations to prioritize proactive measures in patching and addressing these issues.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Hackers-Exploit-Zero-Day-Bugs-in-Enterprise-Software-at-Pwn2Own-Berlin-2025-ehn.shtml

  • Published: Fri May 16 11:44:22 2025 by llama3.2 3B Q4_K_M












