During the second day of PWN2OWN Berlin 2025, the competitors earned $ 435,000 after exploiting zero-day bugs in many products, including Microsoft SharePoint, VMWARE ESXI, Oracle Virtaulbox, Red Hat Enterprise Linux, and MOZILLALE Are.
This highlight was a successful attempt by the Guyen Hoang Tha of Starlabs SG against VMWARE ESXI, which earned him $ 150,000 for an integer overflow exploitation.
Dinh Ho Anh Khoa of Viettel Cyber Security was awarded $ 100,000 for hacking Microsoft SharePoint, taking advantage of an exploitation chain by combining a bypass and an unprotected deserialization defects.
Adoard Bochene and Tao Yan of Palo Alto Netws also demolished an out-off-bounds writing zero-day in the Mozilla Firefox, while Garard Tai of Star Labs enhanced the privilege to roll the red hat enterprise using a use-free bug, and the use of one Ordle Cyber Security to roll on the Red Hat Enterprise Linux using a use-free bug. Did.
In the AI category, WIZ Research Safety Researchers used a use-free zero-day to exploit NVIDIA’s Triton Inventurer Server to hack the Triton Inventurer server of NVIDIA.
On the first day, the contestants were awarded $ 260,000 after successfully exploited the voids of Zero-Day at Windows 11, Red Hat Linux and Oracle Verchu Acux, reaching a total of $ 695,000. Earned in the first two days Competition after performing 20 unique 0-days.
Of Pwn2own Berlin 2025 The hacking competition focuses on enterprise technologies, introduces AI category for the first time, and occurs during it. aggressive Conference between 15 May and 17 May.
Security Researchers AI, web browser, virtue, local privilege growth, server, enterprise application, cloud-country/container, and automotive categories will earn more than $ 1,000,000 in awards to showcase zero-day bugs.
However, no Tesla efforts were registered before the PWN2OWN began, even though two 2025 Tesla models Y and 2024 Tesla Model 3 bench-top units were also available as targets.
But Last day of competitionHackers will attempt to take advantage of zero-day bugs in Windows 11, Oracle Verchu Acux, VMware ESXI, VMware Workstation, Mozilla Firefox, as well as NVidia’s Triton Invention Server and Container Toolkit.
After the revelations of zero-day exploits during the PWN2OWN competition, vendors have 90 days to release safety improvements for their software and hardware products, before the trend micro publishes zero day initiative technical details.
Based on the analysis of 14M malicious tasks, search for the top 10 MITERAT & CK techniques behind the 93% attacks and how to defend them against them.
