Welcome to the third and final day of Pwn2Own Berlin 2025. We'll start the day at $695,000 awarded for the contest. It will be interesting to see if we can breach the million-dollar mark. Stay tuned for all of the results.
And we are finished!! What an amazing three days of research. Today, we awarded $383,750, which brings the event total to $1,078,750! Congratulations to the STAR Labs SG team for winning Master of Pwn. They earned $320,000 and 35 Master of Pwn points. During the event, we purchased (and disclosed) 28 unique 0-days, seven of which came from the AI category. Thanks to OffensiveCon for hosting the event, the participants for bringing their amazing research, and the vendors for acting on the bugs quickly.
COLLISION - Although Angelboy (@scwuaptx) from DEVCORE Research Team successfully demonstrated his privilege escalation on Windows 11, one of the two bugs he used was known to the vendor. He still earns $11,250 and 2.25 Master of Pwn points.
COLLISION - Although @namhb1, @havancuong000, and @HieuTra34558978 of FPT NightWolf successfully exploited NVIDIA Triton, the bug they used was known by the vendor (but not patched yet). They still earn $15,000 and 1.5 Master of Pwn points.
SUCCESS - Former Master of Pwn winner Manfred Paul used an integer overflow to exploit Mozilla Firefox (renderer only). His excellent work earns him $50,000 and 5 Master of Pwn points.
SUCCESS - Nir Ohfeld (@nirohfeld) and Shir Tamari (@shirtamari) of Wiz Research used an External Initialization of Trusted Variables bug to exploit the NVIDIA Container Toolkit. This unique bug earns them $30,000 and 3 Master of Pwn points.
FAILURE - Unfortunately, the team from STAR Labs could not get their exploit of NVIDIA's Triton Inference Server working within the time allotted.
SUCCESS - Dung and Nguyen (@MochiNishimiya) of STAR Labs used a TOCTOU race condition to escape the VM and an Improper Validation of Array Index for the Windows privilege escalation. They earn $70,000 and 9 Master of Pwn points.
SUCCESS/COLLISION - Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics used two bugs to exploit ESXi, but the Use of Uninitialized Variable bug collided with a prior entry. His integer overflow was unique though, so he still earns $112,500 and 11.5 Master of Pwn points.
SUCCESS - Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv (@Synacktiv) used a heap-based buffer overflow to exploit VMware Workstation. They earn $80,000 and 8 Master of Pwn points.
SUCCESS - In the final attempt of Pwn2Own Berlin 2025, Miloš Ivanović (infosec.exchange/@ynwarcs) used a race condition bug to escalate privileges to SYSTEM on Windows 11. His fourth-round win nets him $15,000 and 3 Master of Pwn points.