At Pwn2Own Eire 2025, cybersecurity researchers Ben R. and Georgi G. from Interrupt Labs showcased a formidable achievement by efficiently exploiting a zero-day vulnerability within the Samsung Galaxy S25.
This allowed them to realize full management over the machine, enabling them to activate the digital camera and monitor the consumer’s location.
The exploit, revealed on the occasion’s last day, highlights ongoing safety challenges in flagship Android smartphones regardless of rigorous testing by producers.
This breach underscores the high-stakes world of moral hacking competitions, the place vulnerabilities are disclosed responsibly to enhance world machine safety.
The core challenge exploited by the Interrupt Labs workforce stemmed from an improper enter validation bug throughout the Galaxy S25’s software program stack, permitting attackers to bypass safeguards and execute arbitrary code remotely.
Samsung Galaxy S25 0-Day Vulnerability
By crafting malicious inputs, the researchers demonstrated how an adversary may silently hijack the machine with out consumer interplay, a way that evaded Samsung’s defenses throughout the stay contest.
This vulnerability, undisclosed previous to the occasion, enabled persistent entry, turning the premium smartphone right into a surveillance device able to capturing photographs, movies, and real-time GPS information.
One other huge affirmation! Ben R. And Georgi G. of Interrupt Labs used an improper enter validation bug to take over the Samsung Galaxy S25 – enabling the digital camera and site monitoring within the course of. They earn $50,000 and 5 Grasp of Pwn factors. #Pwn2Own pic.twitter.com/oNhdefPR7k— Development Zero Day Initiative (@thezdi) October 23, 2025
Specialists be aware that such flaws typically come up in multimedia or system libraries, the place fast characteristic improvement outpaces safety hardening.
For his or her subtle exploit chain, Ben R. and Georgi G. earned $50,000 in prize cash together with 5 Grasp of Pwn factors, contributing to the occasion’s large $2 million whole payout throughout 73 distinctive zero-days.
Pwn2Own, organized by the Zero Day Initiative, rewards individuals for responsibly disclosing flaws, making certain distributors like Samsung obtain detailed experiences for patching.
Samsung has but to challenge a particular assertion on this Galaxy S25 exploit, however historic patterns counsel an imminent safety replace will deal with it, just like current fixes for different Android zero-days.
Customers are suggested to allow automated updates and monitor official channels for patches, as unmitigated exploits may expose delicate information in real-world assaults.
Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.
