Greater than $1 million had been paid out on the Pwn2Own Berlin 2025 hacking competitors organized final week by Pattern Micro’s Zero Day Initiative (ZDI) in Berlin, Germany.
ZDI introduced that white hat hackers have been awarded a complete of $1,078,750 for 28 beforehand unknown vulnerabilities throughout working methods, AI merchandise, container software program, browsers, virtualization software program, and servers.
Of the whole quantity, $140,000 was earned for AI hacks, together with ones concentrating on the Chroma open supply AI software database, and NVIDIA’s Triton Inference Server and Container Toolkit. This was the primary Pwn2Own to incorporate the AI class.
The most important single reward, $150,000, went to the STAR Labs SG staff for the primary VMware ESXi hack in Pwn2Own historical past. A second ESXi exploit earned a researcher from REverse Ways $112,500.
A big prize, $100,000, was additionally earned for a Microsoft SharePoint exploit that chained authentication bypass and insecure deserialization vulnerabilities.
A VMware Workstation exploit earned $80,000, and an exploit chain combining an Oracle VirtualBox escape and a Home windows privilege escalation earned $70,000. Members had been awarded $40,000 every for Redis and different VirtualBox exploits.
Two Firefox exploits earned individuals $50,000 every. The exploits didn’t embody a sandbox escape, which might have doubled their worth. However, Mozilla rushed to deal with them and launched patches on the identical day.
The STAR Labs SG staff received the competition, incomes a complete of $320,000 for its exploits. Commercial. Scroll to proceed studying.
There have been no exploitation makes an attempt within the enterprise software program class, which incorporates Adobe Reader and Microsoft 365 apps, nor the automotive class, which supplied prizes of as much as $500,000 for hacking a Tesla.
Associated: Hackers Earn $886,000 at Pwn2Own Automotive 2025 for Charger, OS, Infotainment Exploits
Associated: Over $1 Million Paid Out at Pwn2Own Eire 2024
Associated: Synology, QNAP, TrueNAS Deal with Vulnerabilities Exploited at Pwn2Own Eire
