Pwn2Own Berlin 2025: total prize money reached $1,078,750

May 19, 2025 - 09:44
Pwn2Own Berlin 2025 wrapped up with $383,750 awarded on the final day, pushing the total prize money to $1,078,750 over three days.

On the final day of Pwn2Own Berlin 2025, participants earned $383,750 for demonstrating zero-days in VMware Workstation, ESXi, Windows, NVIDIA, and Firefox.

During the competition, the participants earned a total of $1,078,750, demonstrating 28 unique 0-days in multiple products, including 7 in the AI category.

STAR Labs SG won “Master of Pwn” with $320K and 35 points.

Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics exploited ESXi using two bugs. One overlapped with a prior entry, causing a collision; however, his unique integer overflow earned him $112,500 and 11.5 points.

Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv exploited VMware Workstation with a heap-based buffer overflow, earning $80,000 and 8 Master of Pwn points.

Dung and Nguyen (@MochiNishimiya) from STARLabs exploited a TOCTOU race condition to escape the VM and an array index validation flaw for Windows privilege escalation, earning $70,000 and 9 points.

In the final Pwn2Own Berlin 2025 attempt, Miloš Ivanović (infosec.exchange/@ynwarcs) used a race condition to gain SYSTEM privileges on Windows 11, earning $15,000 and 3 Master of Pwn points.

The full list of hacking attempts made during day two is available here.

This is the first time Pwn2Own has been held at the OffensiveCon conference, and also the first time the competition includes an AI category.

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Berlin 2025)