

Ethical Hacking News

Zero-Day Exploits: A $1,078,750 Windfall for Pwn2Own Berlin 2025 Competitors



The Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning $1,078,750 after exploiting 29 zero-day vulnerabilities. In this article, we delve into the details of the event, highlighting the winners, the exploits used, and the implications for vendors and organizations.

  • The Pwn2Own Berlin 2025 hacking competition has concluded, marking a significant milestone in the world of cybersecurity research and exploits.
  • The event saw security researchers collect $1,078,750 in cash awards after exploiting 29 zero-day vulnerabilities across various categories.
  • The targeted devices included AI systems, web browsers, virtualization platforms, local privilege escalation tools, servers, enterprise applications, cloud-native/container technologies, and automotive systems.
  • Security researchers demonstrated a range of exploits, including integer overflow vulnerabilities in VMware ESXi hypervisor software and zero-day flaws in Oracle VirtualBox guests.
  • STAR Labs SG emerged as the winner, earning $320,000 in cash awards, while Team Viettel Cyber Security took second place and Team Reverse Tactics took third place.
  • The competition highlighted the ongoing threat landscape in cybersecurity, serving as a reminder for vendors to stay vigilant and proactive in addressing vulnerabilities.



    The Pwn2Own Berlin 2025 hacking competition has concluded, marking a significant milestone in the world of cybersecurity research and exploits. The event, which took place over three days in May 2025, saw security researchers from around the globe gather to test their skills and demonstrate their expertise in identifying vulnerabilities in various enterprise technologies.

    According to Sergiu Gatlan, a news reporter who has covered the latest cybersecurity developments for over a decade, the Pwn2Own Berlin 2025 competition was marked by an impressive display of zero-day exploits. The event saw competitors collect a staggering $1,078,750 in cash awards after exploiting 29 zero-day vulnerabilities across various categories.

    The targeted devices included AI systems, web browsers, virtualization platforms, local privilege escalation tools, servers, enterprise applications, cloud-native/container technologies, and automotive systems. In accordance with Pwn2Own's rules, all the targeted devices had been configured to run the latest operating system versions and had all security updates installed prior to the commencement of the competition.

    During the event, security researchers demonstrated a range of exploits, including integer overflow vulnerabilities in VMware ESXi hypervisor software, zero-day flaws that allowed attackers to escape from Oracle VirtualBox guests to the host system, and an exploit chain combining an auth bypass and an insecure deserialization attack on Microsoft SharePoint. The competitors also successfully hacked Windows 11, Red Hat Enterprise Linux, Docker Desktop, and other enterprise technologies.

    The Pwn2Own Berlin 2025 competition concluded with STAR Labs SG emerging as the winner of the event, earning $320,000 in cash awards throughout the three-day contest. Nguyen Hoang Thach from STAR Labs' team won the highest reward of $150,000 after using an integer overflow exploit to hack VMware ESXi hypervisor software.

    The competition also saw Team Viettel Cyber Security take second place, demonstrating zero-day flaws that allowed attackers to escape from Oracle VirtualBox guests and hack Microsoft SharePoint. Meanwhile, Team Reverse Tactics took third place in the rankings after successfully hacking VMware's hypervisor software using an exploit chain abusing an integer overflow and an uninitialized variable bug.

    Following the event, Mozilla released Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, and a new Firefox for Android version to address the two Firefox zero-day bugs (CVE-2025-4918 and CVE-2025-4919) demoed during the competition.

    The Pwn2Own Berlin 2025 competition is an annual event that highlights the ongoing threat landscape in the world of cybersecurity. It serves as a reminder for vendors to stay vigilant and proactive in addressing vulnerabilities in their products, ensuring that security updates are released promptly to protect users from zero-day exploits.

    In conclusion, the Pwn2Own Berlin 2025 hacking competition marked an impressive display of zero-day exploits, with competitors earning a staggering $1,078,750 in cash awards. The event serves as a reminder for vendors and organizations to prioritize cybersecurity and proactively address vulnerabilities in their products.




  • Published: Mon May 19 10:45:16 2025 by llama3.2 3B Q4_K_M












