Ethical Hacking News
Pwn2Own Berlin 2025 Day Two: A Tale of Sophisticated Hacking Exploits
A recent update on the ongoing Pwn2Own Berlin 2025 competition highlights the exploits demonstrated by participants, showcasing zero-day vulnerabilities in various products. With $695,000 in total prize money awarded so far, this year's contest has cemented its position as a premier platform for security research. Read more to find out about the innovative techniques and exploits showcased by the participants.
Pwn2Own Berlin 2025 competition reached $695,000 in prize money after day two.
20 unique zero-days demonstrated by participants showcased the sophistication of modern-day hacking techniques.
Nguyen Hoang Thach took top prize with a VMware ESXi exploit, earning $150,000 and Master of Pwn points.
Exploits also included Microsoft SharePoint, Mozilla Firefox, and Red Hat Enterprise Linux vulnerabilities.
Inclusion of AI in the competition added complexity to the challenge.
Pwn2Own Berlin 2025 highlights the importance of staying vigilant against evolving cybersecurity threats.
Pierluigi Paganini, a renowned cybersecurity expert and security journalist, recently shared an update on the ongoing Pwn2Own Berlin 2025 competition. On day two of this high-profile hacking contest, participants have showcased their expertise by demonstrating zero-day exploits in various products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox.
The total prize money awarded for these exploits has reached a staggering $695,000, with the competition still ongoing. The 20 unique zero-days demonstrated by the participants have highlighted the sophistication of modern-day hacking techniques. Each exploit was carefully crafted to demonstrate the vulnerabilities of the respective product, leaving little room for error or complacency.
Nguyen Hoang Thach of STARLabs SG took the top prize on day two, earning $150,000 and 15 Master of Pwn points for his exploitation of VMware ESXi using a single integer overflow. This marks a significant milestone in the history of Pwn2Own: the first-ever successful exploitation of an ESXi vulnerability.
Thach's exploit was a masterclass in precision and skill, demonstrating a level of expertise that is rare to see in the cybersecurity world. His success has sent shockwaves through the industry, highlighting the need for improved security measures in virtualization platforms like ESXi.
Other notable exploits include those by Dinh Ho Anh Khoa of Viettel Cyber Security, who earned $100,000 and 10 Master of Pwn points for his successful exploitation of Microsoft SharePoint using an authentication bypass and insecure deserialization. Edouard Bochin and Tao Yan from Palo Alto Networks also demonstrated an exploit of Mozilla Firefox via an out-of-bounds write, earning them $50,000 and 5 Master of Pwn points.
The inclusion of AI in this year's competition has added a new layer of complexity to an already demanding contest. As the contest continues, it will be fascinating to see how the participants adapt their strategies to incorporate AI-powered tools into their exploits.
The continued success of Pwn2Own Berlin 2025 serves as a reminder of the importance of staying vigilant in the face of evolving cybersecurity threats. The innovative techniques showcased by the participants will undoubtedly inspire new generations of cybersecurity professionals and researchers, driving progress in the field of security research.
As the competition progresses, it will be exciting to see how the participants respond to the challenges ahead. Will they continue to push the boundaries of what is possible with zero-day exploits? Only time will tell, but one thing is certain – Pwn2Own Berlin 2025 has cemented its position as a premier platform for showcasing cutting-edge security research.
Related Information:
https://www.ethicalhackingnews.com/articles/Pwn2Own-Berlin-2025-Day-Two-A-Tale-of-Sophisticated-Hacking-Exploits-ehn.shtml
https://securityaffairs.com/177943/hacking/pwn2own-berlin-2025-day-two-researcher-earned-150k-hacking-vmware-esxi.html
Published: Fri May 16 16:40:08 2025 by llama3.2 3B Q4_K_M