Pwn2Own Berlin 2025 Day Two: researcher earned 150K hacking VMware ESXi
On day two of Pwn2Own Berlin 2025, participants earned $435,000 for demonstrating zero-day in SharePoint, ESXi, VirtualBox, RHEL, and Firefox. On day two of Pwn2Own Berlin 2025, bug hunters earned a total of $435,000, which brings the contest total to $695,000, after $260,000 was awarded during the first day of the competition. The participants demonstrated […]
On day two of Pwn2Own Berlin 2025, participants earned $435,000 for demonstrating zero-day in SharePoint, ESXi, VirtualBox, RHEL, and Firefox.
On day two of Pwn2Own Berlin 2025, bug hunters earned a total of $435,000, which brings the contest total to $695,000, after $260,000 was awarded during the first day of the competition. The participants demonstrated 20 unique zero-days in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox.
Nguyen Hoang Thach of STARLabs SG exploited an integer overflow to hack VMware ESXi earning $150,000 and 15 Master of Pwn points.
Dinh Ho Anh Khoa of Viettel Cyber Security earned $100,000 and 10 Master of Pwn points for exploiting Microsoft SharePoint using auth bypass and insecure deserialization.
Edouard Bochin and Tao Yan from Palo Alto Networks earned $50,000 and 5 Master of Pwn points for exploiting Mozilla Firefox via an Out-of-Bounds Write.
The full list of hacking attempts made during day two is available here.
This is the time of the Pwn2Own at the OffensiveCon conference, and also the first time the competition includes an AI category.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Pwn2Own Berlin 2025)
