As security researchers gathered at Pwn2Own Berlin 2025, multiple teams successfully demonstrated critical vulnerabilities in major operating systems and virtualization platforms, earning $260,000 in rewards on the first day alone.
The event, hosted at OffensiveCon, showcased 11 exploit attempts targeting Windows 11, Red Hat Enterprise Linux, Oracle VirtualBox, and other prominent systems.
Chen Le Qi from STAR Labs SG demonstrated a sophisticated exploit chain on Windows 11, combining use-after-free and integer overflow vulnerabilities to achieve SYSTEM-level privileges, earning $30,000 for the successful breach.
The DEVCORE Research Team, led by Pumpkin, exposed a critical integer overflow vulnerability in Red Hat Linux, which resulted in local privilege escalation and a $20,000 reward.
Team Prison Break executed a particularly notable attack against Oracle VirtualBox, leveraging an integer overflow vulnerability to escape virtual machine constraints and execute code on the host operating system, securing a $40,000 prize.
Billy and Ramdhan from STAR Labs achieved the day’s highest reward of $60,000 by demonstrating a container escape in Docker Desktop through a Linux kernel flaw.
The competition revealed a concerning pattern of exploitable vulnerabilities, with integer overflow and use-after-free flaws appearing consistently across multiple platforms.
Red Hat Linux proved particularly vulnerable to chained attacks, as demonstrated by researchers Hyunwoo Kim and Wongi Lee, whose exploitation attempt ran into a bug collision with an N-day, a vulnerability that was already known.
The event marked several milestones, including the introduction of the first-ever AI category, which saw successful exploitation of the Chroma platform.
Over the first two days, participants uncovered 39 unique zero-day vulnerabilities, resulting in total awards of $695,000.
The demonstrated exploits highlighted critical security weaknesses in fundamental technology infrastructure, emphasizing the ongoing importance of vulnerability research and responsible disclosure in maintaining digital security.
Organizations can protect against similar vulnerabilities by implementing security awareness training and maintaining strong security practices to comply with industry regulations.