The curtain has fallen on Pwn2Own Berlin 2025, marking a historic milestone as the contest smashed through the million-dollar barrier.
Over three intense days, security researchers demonstrated cutting-edge exploits against some of the world’s most widely used enterprise and AI platforms, culminating in $1,078,750 in prizes and the disclosure of 28 unique zero-day vulnerabilities.
STAR Labs SG Dominates as Master of Pwn
The Singapore-based STAR Labs SG team emerged as the undisputed champions, earning the coveted “Master of Pwn” title with $320,000 in prizes and 35 points.
Their victories spanned multiple categories, showcasing advanced exploitation techniques and deep technical prowess.
Technical Highlights and Exploit Details
Privilege Escalation and Race Conditions:
- Miloš Ivanović exploited a race condition bug to escalate privileges to SYSTEM on Windows 11, earning $15,000 and 3 Master of Pwn points.
- This exploit leveraged a classic synchronization flaw, allowing an attacker to manipulate the timing of operations and gain elevated access.
- Dung and Nguyen of STAR Labs chained a TOCTOU (Time-of-Check to Time-of-Use) race condition for a VM escape and an improper validation of array index for Windows privilege escalation, netting $70,000 and 9 points.
- TOCTOU bugs occur when there is a gap between security checks and the actual use of a resource, enabling attackers to alter the resource in the interim.
Memory Corruption and Integer Overflows:
- Manfred Paul, a Pwn2Own veteran, exploited Mozilla Firefox’s renderer using an integer overflow (CVE-2025-4919), earning $50,000 and 5 points.
- Integer overflows happen when arithmetic operations exceed the maximum value a variable can store, potentially leading to out-of-bounds memory access and code execution.
- Corentin Bayet from Reverse Tactics demonstrated two bugs against VMware ESXi: a unique integer overflow and use of an uninitialized variable. Despite a collision on the second bug, his primary exploit secured $112,500 and 11.5 points.
Heap-Based Buffer Overflows:
- Synacktiv’s Thomas Bouzerar and Etienne Helluy-Lafont exploited a heap-based buffer overflow in VMware Workstation, earning $80,000 and 8 points.
- Heap overflows allow attackers to overwrite memory in the heap segment, potentially hijacking program execution.
AI and Container Exploits:
- Wiz Research’s Nir Ohfeld and Shir Tamari exploited the NVIDIA Container Toolkit using an “External Initialization of Trusted Variables” bug, a novel attack vector in the AI category, earning $30,000 and 3 points.
- This vulnerability highlights the expanding attack surface in machine learning infrastructure.
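The integer overflow and heap overflow classes described above often meet in a size calculation. The following is an added example, not code from any contest entry or affected product; the record layout and function names are assumptions made for illustration. It shows a 32-bit element count wrapping to a tiny allocation size, next to the bounds check that rejects it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 24-byte record, constructed for this example. */
struct record { uint8_t data[24]; };

/* Unchecked form: the multiplication is done in 32 bits, so a large
 * count wraps around and yields a size far smaller than needed. */
uint32_t alloc_size_unchecked(uint32_t count)
{
    return count * (uint32_t)sizeof(struct record);
}

/* Checked form: returns 0 and stores the size, or -1 if
 * count * sizeof(struct record) does not fit in 32 bits. */
int alloc_size_checked(uint32_t count, uint32_t *out)
{
    if (count > UINT32_MAX / sizeof(struct record))
        return -1;
    *out = count * (uint32_t)sizeof(struct record);
    return 0;
}

/* Hardened copy: the count is validated before allocation, so the heap
 * buffer is always as large as the copy that fills it. */
struct record *copy_records(const struct record *src, uint32_t count)
{
    uint32_t bytes;
    if (src == NULL || count == 0 || alloc_size_checked(count, &bytes) != 0)
        return NULL;
    struct record *dst = malloc(bytes);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, bytes);
    return dst;
}

int main(void)
{
    uint32_t count = 0x0AAAAAABu;   /* constructed input: count * 24 = 2^32 + 8 */
    uint32_t bytes = 0;
    printf("unchecked size: %u bytes\n", alloc_size_unchecked(count));
    printf("checked result: %d\n", alloc_size_checked(count, &bytes));
    return 0;
}
```

With the unchecked size, a later loop that writes `count` records would run far past an 8-byte heap allocation, which is the out-of-bounds write the bullets describe.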
Bug Collisions and Partial Awards
Several participants encountered “collisions,” where their discovered bugs had already been reported to vendors.
For instance, Angelboy of DEVCORE successfully demonstrated a privilege escalation on Windows 11 but received only $11,250 due to overlap with a known issue.
Similarly, FPT NightWolf’s NVIDIA Triton exploit netted $15,000 under collision rules.
Rapid Vendor Response and Industry Impact
Vendors, including Microsoft, NVIDIA, Mozilla, VMware, and Oracle, responded swiftly, with Mozilla releasing urgent patches for Firefox to address the newly discovered zero-days.
The contest’s AI category debut underscored the growing importance of securing machine learning platforms.
Looking Ahead
Pwn2Own Berlin 2025 set a new benchmark for vulnerability research, both in prize money and technical depth.
As vendors race to patch the 28 disclosed zero-days, seven of them in the AI category, the event reinforces the critical role of coordinated vulnerability disclosure in strengthening global cybersecurity.