VMware ESXi, Firefox, Red Hat Linux & SharePoint 0-Day Vulnerabilities Exploited

Posted on May 17, 2025 by CWS

Security researchers uncovered critical zero-day vulnerabilities across major enterprise platforms during the second day of Pwn2Own Berlin 2025, earning a staggering $435,000 in bounties.

The competition, hosted at the OffensiveCon conference, witnessed successful exploits against VMware ESXi, Microsoft SharePoint, Mozilla Firefox, and Red Hat Enterprise Linux, demonstrating critical security gaps in widely used enterprise software.

In a historic achievement, Nguyen Hoang Thach of STARLabs SG executed the first-ever successful VMware ESXi exploit in Pwn2Own history. Using a single integer overflow vulnerability, Thach compromised the virtualization platform, earning $150,000 and 15 Master of Pwn points.

This high-impact vulnerability in ESXi is particularly concerning because the hypervisor is widely deployed in enterprise data centers worldwide.

Microsoft SharePoint proved equally vulnerable when Dinh Ho Anh Khoa of Viettel Cyber Security chained an authentication bypass with an insecure deserialization bug to achieve unauthorized access. The exploit earned him $100,000 and 10 Master of Pwn points.

Because SharePoint is a collaboration platform integrated with Microsoft 365 environments, this vulnerability represents a significant risk to organizational data security.

Browser security was also compromised as Palo Alto Networks researchers Edouard Bochin and Tao Yan demonstrated an out-of-bounds write vulnerability in Mozilla Firefox, earning $50,000 and 5 Master of Pwn points. The browser exploit highlights ongoing risks in client-side software despite years of security hardening.

Red Hat Enterprise Linux fell to Gerrard Tai of STARLabs SG, who leveraged a use-after-free bug to escalate privileges, securing $10,000 and further consolidating STAR Labs’ commanding lead in the Master of Pwn standings.

Confirmed! Gerrard Tai of STAR Labs SG Pte. Ltd used a Use-After-Free bug to escalate privileges on Red Hat Enterprise Linux. Their third-round win earns them $10,000 and 2 Master of Pwn points. pic.twitter.com/BXMKZNZ0lj — Trend Zero Day Initiative (@thezdi) May 16, 2025

The newly introduced AI category continued to attract successful exploits. Benny Isaacs, Nir Brakha, and Sagi Tzadik of Wiz Research exploited Redis using a use-after-free vulnerability, earning $40,000 and 4 Master of Pwn points.

Ho Xuan Ninh and Tri Dang from Qrious Secure also chained four distinct bugs to compromise NVIDIA’s Triton Inference Server, receiving $30,000 and three points.

“And that wraps up Day Two! We awarded $435,000, which brings the contest total to $695,000,” announced the Zero Day Initiative, which operates the competition. “With a third day still to come, there’s a very real chance we could reach the $1,000,000 threshold.”

The competition has revealed 20 unique zero-day vulnerabilities across two days, with STAR Labs establishing a seemingly insurmountable lead in the Master of Pwn rankings.

Oracle VirtualBox was also successfully exploited when Viettel Cyber Security demonstrated a guest-to-host escape using an out-of-bounds write vulnerability, earning $40,000.

Day Three of the competition will continue on Saturday, May 17, with remaining scheduled attempts targeting Windows 11, Oracle VirtualBox, VMware products, Mozilla Firefox, and NVIDIA systems.

All vulnerabilities demonstrated during the contest are responsibly disclosed to vendors, who have 90 days to release security fixes before technical details are published.

This inaugural Berlin edition of Pwn2Own marks the competition’s first time including an AI category, reflecting growing concerns about security in emerging technologies.
