Saturday, June 14, 2025

Pwn2Own Berlin 2025 Wraps with Over $1 Million Awarded and 28 Zero-Days Disclosed

by Charline
Pwn2Own Berlin 2025 concluded with a record payout of $1,078,750. Over the three-day event, security researchers disclosed 28 previously unknown zero-day vulnerabilities across various platforms.

On the final day alone, participants earned $383,750, pushing the total prize pool past the $1 million mark. STAR Labs SG was the top team, winning the Master of Pwn title by earning $320,000 and 35 points throughout the competition.

Organized annually by Trend Micro’s Zero Day Initiative (ZDI), Pwn2Own rewards researchers for demonstrating zero-day exploits directly to vendors. This allows vendors to patch vulnerabilities before public disclosure. The Berlin 2025 event was held in partnership with OffensiveCon and featured attacks on Windows, virtualization platforms, web browsers, and, for the first time, artificial intelligence (AI) systems.

Notably, seven of the 28 zero-days targeted AI infrastructure, highlighting the growing security risks in machine learning environments.

Highlights from Day Three

Several impressive exploits were demonstrated on the final day. Miloš Ivanović earned $15,000 and 3 points by exploiting a race condition in Windows 11 to gain SYSTEM-level privileges. Veteran competitor Manfred Paul exploited an integer overflow in Mozilla Firefox’s renderer process, winning $50,000 and 5 points. This attack underscored ongoing risks related to memory management flaws in widely used software.

In the AI category, Wiz Research’s Nir Ohfeld and Shir Tamari exploited a flaw in NVIDIA’s Container Toolkit, earning $30,000 and 3 points for their novel attack method.

Corentin Bayet from Reverse Tactics achieved the highest single payout of the day, $112,500, by chaining two vulnerabilities, including a unique integer overflow, to exploit VMware ESXi. Despite a collision on one bug, his primary exploit was original and highly effective.

Virtualization platforms remained a key target. Synacktiv’s Thomas Bouzerar and Etienne Helluy-Lafont demonstrated a heap-based buffer overflow in VMware Workstation, earning $80,000 and 8 points. STAR Labs’ Dung and Nguyen chained multiple bugs to escape a virtual machine and escalate privileges on Windows, securing $70,000 and 9 points.

Challenges and Collisions

Despite their overall success, STAR Labs failed to exploit NVIDIA’s Triton Inference Server within the time limit. Several other teams faced “collisions,” where vulnerabilities had already been reported to vendors, reducing their rewards. For example, DEVCORE’s Angelboy earned $11,250 for a Windows 11 privilege escalation exploit that overlapped with known issues.

Significance and Future Outlook

Pwn2Own Berlin 2025 was the first European edition of the contest and the first to include a dedicated AI category. This reflects the expanding attack surface as AI systems become more widespread. Major vendors involved included Microsoft, NVIDIA, Mozilla, VMware, and Oracle.

The event showcased the increasing complexity of cybersecurity challenges and the importance of proactive vulnerability research. Experts recommend continued investment in security for AI and virtualization platforms as these areas attract growing attention from attackers.
