VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering critical vulnerabilities across major enterprise platforms and earning $435,000 in bounties.

The competition, now in its second day at the OffensiveCon conference in Berlin, has awarded a cumulative total of $695,000 with participants revealing 20 unique zero-day vulnerabilities thus far.

With a third day of competition remaining, organizers believe the total prize money could surpass the $1 million threshold.

Major Enterprise Systems Fall to Skilled Hackers

The second day of the competition saw several high-profile enterprise platforms successfully compromised.

In what marks a historic achievement, Dinh Ho Anh Khoa of Viettel Cyber Security combined an authentication bypass with an insecure deserialization bug to exploit Microsoft SharePoint, earning $100,000 and 10 Master of Pwn points.

As a widely-deployed collaboration platform in corporate environments, this SharePoint vulnerability represents a significant security risk for organizations worldwide.

The competition also witnessed successful exploits against other critical enterprise software.

According to the contest results, STAR Labs has established a commanding lead in the Master of Pwn rankings that seems unlikely to be overcome.

The first day had already seen the Star Labs team earn the highest single reward of $60,000 for an exploit chain involving a Linux kernel vulnerability that allowed them to escape Docker Desktop and execute code on the underlying operating system.

AI Security Category Draws Significant Attention

The newly introduced AI category at Pwn2Own Berlin 2025 continues to attract successful exploits from security researchers.

This inaugural Berlin edition marks the first time the competition has included dedicated AI security targets, reflecting growing concerns about vulnerabilities in emerging AI technologies.

On the first day, Sina Kheirkhah of the Summoning Team made history as the first-ever winner in the AI category, earning $20,000 for an exploit targeting the Chroma open-source AI application database.

The same researcher earned an additional $15,000 for successfully hacking an NVIDIA Triton Inference Server, though it was marked as a ‘collision’ because the vendor had prior knowledge of the bug but hadn’t yet patched it.

The AI category was specifically designed to go beyond simple prompt injections, requiring participants to achieve full code execution on AI frameworks.

“Because this is our first bounty category focused on AI infrastructure, we fully expect new and possibly significant vulnerabilities to surface,” noted Trend Micro, which organizes the event through its Zero Day Initiative.

“That’s the point. Our goal is to offer and financially compensate researchers to coordinate their findings with vendors to expose this before bad actors take advantage.”

Competition Highlights Collaborative Security Approach

Day Two also saw multiple “collision” exploits, where researchers demonstrated vulnerabilities that were already known to vendors but remained unpatched.

For instance, Mohand Acherir and Patrick Ventuzelo of FuzzingLabs exploited NVIDIA Triton, earning $15,000 despite NVIDIA already knowing about the vulnerability.

The competition underscores the importance of responsible disclosure in cybersecurity.

All vulnerabilities demonstrated during the contest are disclosed to vendors, who typically have 90 days to release security fixes before publishing technical details.

This collaborative approach between security researchers and software developers helps strengthen the overall security landscape.

“Pwn2Own isn’t just about breaking things; it’s about building a better cybersecurity landscape,” explained Trend Micro.

“By bringing researchers and vendors together in a coordinated, public forum, we accelerate the path from vulnerability discovery to patch, ensuring rapid protection”.

The third and final day of competition continues on May 17, with researchers targeting the remaining systems including Windows 11, Oracle VirtualBox, VMware products, Mozilla Firefox, and NVIDIA systems.