Congrats to @mozilla for being the first vendor to patch their #Pwn2Own bugs. Oh - and go update #Firefox to get the fixes. That's two years in a row Mozilla has been the fastest. Well done!

Pwn2Own Berlin 2025 comes to a close. We awarded $1,078,750 for 28 unique 0-days. Congrats to STAR Labs SG for winning Master of Pwn with $320,000. Thanks to @offensive_con for hosting, and thanks to all who participated. Can't wait to see you next year! #Pwn2Own #P2OBerlin

Our final entry for @Pwn2Own Berlin has been confirmed as a win! Miloš Ivanović (https://infosec.exchange/@ynwarcs) used a race condition bug to escalate privileges to SYSTEM on Windows 11. His fourth-round win nets him $15,000 and 3 Master of Pwn points.

Confirmed! Thomas Bouzerar and Etienne Helluy-Lafont from Synacktiv used a heap-based buffer overflow to exploit #VMware Workstation. They earn $80,000 and 8 Master of Pwn points - sending the contest to over $1,000,000 total! #Pwn2Own

Boom! Thomas Bouzerar and Etienne Helluy-Lafont from Synacktiv close out #Pwn2Own in style with a guest-to-host escape in VMware Workstation. If confirmed, it will put the total contest payout at over $1,000,000! #Pwn2Own

Nice! #Pwn2Own newcomer Miloš Ivanović (https://infosec.exchange/@ynwarcs) successfully demonstrated his privilege escalation on #Windows 11. He heads off to the disclossure room to discuss how he did it. #P2OBerlin

A successful collision! Corentin BAYET from Reverse Tactics used 2 bugs to exploit ESXi, but the Use of Uninitialized Variable bug collided with a prior entry. His integer overflow was unique though, so he still earns $112,500 & 11.5 Master of Pwn points. #Pwn2Own

Confirmed!! Dung and Nguyen (@MochiNishimiya) of STARLabs used a TOCTOU race condition to escape the VM and an Improper Validation of Array Index for the Windows privilege escalation. They earn $70,000 and 9 Master of Pwn points. #Pwn2Own

Sweet! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics barely needed a second to demonstrate his exploit against VMware ESXi. He heads off to the disclosure room to provide the details of his work. #Pwn2Own #P2OBerlin

Amazing! Nir Ohfeld and Shir Tamari of Wiz Research used a External Initialization of Trusted Variables bug to exploit the #NVIDIA Container Toolkit. This unique bug earns them $30,000 and 3 Master of Pwn points.