Pwn2Own Berlin 2025: Day One Results

Welcome to the first day of Pwn2Own Berlin 2025! We have 11 different attempts, including our first ever AI attempts. We’ll be updating this blog with results as we have them.

And that bring Day One of #Pwn2Own Berlin to a close. We awarded $260,000 today, but more great research is yet to come. STAR Labs has an early lead on Master of Pwn, but it’s anyone’s game at this point. Stay tuned for more results as we go.

[…]

https://whalers.ir/blog/pwn2own-berlin-2025-day-one-results/9245/

Demonstrating CVE-2025-4919: Now that it's patched, we can show you how Manfred Paul used this code execution bug in the renderer of #Mozilla Firefox to win $50,000. https://youtu.be/TG029NAGKs0 #Pwn2Own #P2OBerlin

In a video highlight from Day One of #Pwn2Own Berlin, Team Viettel targets the #NVIDIA Triton Inference server. https://youtube.com/shorts/dlPjBPr1E5o #P2OBerlin

#Pwn2Own Berlin 2025 is complete! In total, we awarded $1,078,750 for 28 unique 0-days. Join Brian Gorenc and Dustin Childs as they recap the highlights (and some lowlights) from this year's event. https://youtu.be/G7McB7L7sIs #P2OBerlin

This was our first year having an AI category at #Pwn2Own, and we weren't sure what to expect. What we got was some great research across four different frameworks. https://youtube.com/shorts/OY64_WWa8vE #P2OBerlin

Pwn2Own Berlin 2025 comes to a close. We awarded $1,078,750 for 28 unique 0-days. Congrats to STAR Labs SG for winning Master of Pwn with $320,000. Thanks to @offensive_con for hosting, and thanks to all who participated. Can't wait to see you next year! #Pwn2Own #P2OBerlin

Nice! #Pwn2Own newcomer Miloš Ivanović (https://infosec.exchange/@ynwarcs) successfully demonstrated his privilege escalation on #Windows 11. He heads off to the disclossure room to discuss how he did it. #P2OBerlin

Sweet! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics barely needed a second to demonstrate his exploit against VMware ESXi. He heads off to the disclosure room to provide the details of his work. #Pwn2Own #P2OBerlin

Confirmed! Former Master of Pwn winner Manfred Paul (@manf) used an integer overflow to exploit #Mozilla Firefox (renderer only). His excellent work earns him $50,000 and 5 Master of Pwn points. #Pwn2Own #P2OBerlin

Just amazing. Dung and Nguyen of STARLabs not only demonstrated their guest-to-host exploit of #Oracle VirtualBox, they added on a Windows kernel vulnerability to take over the system. Tremendous work. They head off to disclosure with the details. #Pwn2Own #P2OBerlin