On the first day of Pwn2Own Berlin 2025, security researchers successfully breached widely used software platforms, including Windows 11, Red Hat Enterprise Linux, and Oracle VirtualBox. The results showed the importance of identifying and addressing vulnerabilities in heavily relied-upon systems and highlighted the ongoing risks associated with OS vulnerabilities, reinforcing the need for continuous security testing.
Teams such as DEVCORE Research and STARLabs demonstrated zero-day exploits, earning a total of $260,000 in rewards. Prominent vulnerabilities exploited during the event included integer overflows and use-after-free bugs, which were essential in gaining unauthorized access. The emergence of unfamiliar software during the exploits served as a clear indicator of successful system compromise.
Among the showcased exploits, Windows 11 experienced multiple zero-day attacks that allowed attackers to escalate privileges to SYSTEM level. Notable participants, including Chen Le Qi from STARLabs SG and Marcin Wiązowski, were instrumental in these attacks. The rewards for successful Windows 11 exploits ranged from $20,000 to significant figures, underscoring the severity of the vulnerabilities exposed.
Red Hat Enterprise Linux was the first target successfully breached in the local privilege escalation category. The DEVCORE Research Team utilized an integer overflow vulnerability to gain access, securing $20,000 for their efforts. Another exploit demonstrated by team members Hyunwoo Kim and Wongi Lee involved chaining a use-after-free vulnerability with an information leak to attain root access, further emphasizing the vulnerabilities within this enterprise software.
Oracle VirtualBox likewise suffered a significant breach, with Team Prison Break earning $40,000 for demonstrating an exploit chain that relied on an integer overflow. This breach allowed attackers to execute arbitrary code on the underlying operating system, raising alarms regarding the security of virtualization environments.
The Pwn2Own competition format encourages participants to unveil zero-day exploits across diverse software products, facilitating knowledge sharing on prevalent security vulnerabilities.