The first day of Pwn2Own Berlin 2025 brought the cybersecurity spotlight back to some of the world’s most critical software platforms, revealing a dynamic and, at times, unsettling glimpse into the vulnerabilities that underscore the modern IT ecosystem. On this opening day alone, researchers breached flagship releases—Windows 11, Red Hat Linux, Oracle VirtualBox, and even Docker Desktop—while the competition registered its first-ever successful exploit in the newly introduced AI category. With 11 exploit attempts and $260,000 awarded in bounties, the stakes, and the technical sophistication, have never been higher.
Pwn2Own: The Modern Gladiator Arena for Cybersecurity
Pwn2Own has long stood as a premier stage where elite hackers pit their skills against hardened targets under real-world conditions. It is celebrated not merely for the cash prizes, but for how it catalyzes software resilience and drives vendors to patch critical vulnerabilities disclosed through this process. Importantly, the event incentivizes responsible disclosure: all bugs witnessed here are provided to the vendors, who then rush to release public fixes—sometimes within hours.
Day 1: A Cascade of Zero-Days and High-Impact Breaks
The opening salvos in Berlin saw household names in technology suffering sophisticated, chained attacks that bypassed the latest security defenses.
Red Hat Linux: Two Paths to Root
On a platform synonymous with stability, pumpkin (@u1f383) from DEVCORE Research Team exposed an integer overflow vulnerability that enabled privilege escalation—from a standard user into the root account. This technique netted $20,000 and 2 Master of Pwn points, underscoring just how high the bar has become for both attackers and defenders.
Shortly thereafter, Hyunwoo Kim (@V4bel) and Wongi Lee (@_qwerty_po) from Theori unveiled a blended approach: exploiting an information leak and a use-after-free bug for another root escalation. Yet, because a component of their chain relied on a previously disclosed (N-day) bug, the rules reduced their bounty to $15,000 and 1.5 points. This speaks to Pwn2Own’s system for rewarding unique vulnerabilities but also highlights the persistent challenge of organizations failing to patch already known issues.
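Integer overflow is the bug class named for the DEVCORE escalation above, and the article does not describe the specific bug. The following example is added here for illustration; it is constructed for this write-up and is not code from Red Hat, DEVCORE, or any Pwn2Own target. It shows the generic failure mode from the defender's side: a capacity check whose 32-bit multiplication wraps, placed beside the hardened version that uses __builtin_mul_overflow (assumes GCC or Clang) so the wrap is reported rather than hidden. The record buffer, sizes, and the hostile request are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a bounded record buffer whose fill routine takes a
 * record count and record size from untrusted input, modelled on the
 * integer-overflow bug class reported above (not code from any target). */

#define BUF_CAP 4096u

/* Vulnerable capacity check: count * elem_size is computed in 32 bits and
 * silently wraps, so an absurd count can yield a tiny product that passes
 * the bound while a caller that trusts `count` still copies every record.
 * Returns the (possibly wrapped) total the check accepted, or -1 if rejected. */
long unchecked_size(uint32_t count, uint32_t elem_size) {
    uint32_t total = count * elem_size;   /* wraps modulo 2^32 */
    if (total > BUF_CAP) return -1;
    return (long)total;
}

/* Hardened check: __builtin_mul_overflow (GCC/Clang) reports the wrap
 * instead of hiding it, and the bound is applied to the true product.
 * Returns the total byte count, or -1 if it overflowed or exceeds BUF_CAP. */
long checked_size(uint32_t count, uint32_t elem_size) {
    uint32_t total;
    if (__builtin_mul_overflow(count, elem_size, &total)) return -1;
    if (total > BUF_CAP) return -1;
    return (long)total;
}

/* Copy records into a BUF_CAP-byte destination only after the hardened
 * check passes. Returns bytes copied, or -1 when the request is rejected. */
long copy_records(uint8_t *dst, const uint8_t *src, uint32_t count, uint32_t elem_size) {
    long total = checked_size(count, elem_size);
    if (total < 0) return -1;
    memcpy(dst, src, (size_t)total);
    return total;
}

/* Drives both checks with a constructed hostile request: 0x40000001 records
 * of 4 bytes, whose 32-bit product wraps to 4. Returns 1 when the hardened
 * path rejects exactly what the unchecked path accepted. */
int demo(void) {
    const uint32_t hostile_count = 0x40000001u, elem = 4u;
    long naive = unchecked_size(hostile_count, elem);   /* 4: accepted */
    long safe  = checked_size(hostile_count, elem);     /* -1: rejected */
    return naive == 4 && safe == -1;
}

int main(void) {
    uint8_t dst[BUF_CAP];
    const uint8_t sample[8] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed input */
    printf("hostile request: unchecked=%ld checked=%ld\n",
           unchecked_size(0x40000001u, 4u), checked_size(0x40000001u, 4u));
    printf("legitimate copy of 2x4 bytes: %ld\n", copy_records(dst, sample, 2u, 4u));
    return demo() ? 0 : 1;
}
```

The point to take from the two checks is that the unchecked version is not wrong for legitimate inputs, which is why such code survives review: it only fails when the product exceeds the width of the integer, and a reviewer who tests with sane sizes never sees it. Compiler-checked arithmetic, or promoting to a wider type before the comparison, closes that gap without changing behaviour for normal callers.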
Windows 11: Breaches on Multiple Fronts
Microsoft’s latest desktop operating system—known for its mature security features such as Virtualization-Based Security (VBS) and Kernel-mode Code Integrity (KMCI)—nevertheless fell to a trio of finely crafted attacks.
- Chen Le Qi (@cplearns2h4ck) from STAR Labs SG combined a use-after-free with an integer overflow to seize SYSTEM privilege, typically the highest level of access a local attacker can obtain. This chain earned $30,000 and 3 points.
- Marcin Wiązowski unlocked a textbook out-of-bounds write for SYSTEM privilege escalation: another $30,000 and 3 points.
- Hyeonjin Choi (@d4m0n_8) of Out Of Bounds landed a type confusion exploit (a notoriously tricky bug class to mitigate entirely), for $15,000 and 3 points.
Oracle VirtualBox: Breaking Free from the Sandbox
Virtualization software is supposed to act as a fortress: isolating “guest” workloads from the “host” operating system. On Day 1, Team Prison Break (Best of the Best 13th) lived up to its name—exploiting an integer overflow to break out of Oracle VirtualBox and achieve code execution on the host. This feat, rewarded with $40,000 and 4 Master of Pwn points, was a sharp reminder that no sandbox is inherently impenetrable.
Docker Desktop: Escaping Containers
Containers are the linchpin of contemporary DevOps, promising robust isolation between workloads. However, “Billy and Ramdhan” of STAR Labs cracked Docker Desktop wide open, chaining a use-after-free in the Linux kernel to escape the containerized environment—and seize control of the host OS. The technique, netting the biggest prize of the day ($60,000, 6 points), highlights the often-underestimated kernel attack surface exposed via container engine integrations.
AI Security: Historic Inroads and the Chroma Exploit
Pwn2Own Berlin 2025’s premiere of an AI category proved not just ceremonial but consequential. In a headline-grabbing moment, Sina Kheirkhah (@SinSinology) of the Summoning Team pulled off a working exploit against Chroma, a software product in the AI space. The $20,000 bounty and 2 points marked Pwn2Own’s first confirmed AI-related breach. As artificial intelligence becomes enmeshed in critical infrastructure—from cloud services to medical diagnostics—this event signaled the urgent need for dedicated AI security research.
The Problem of N-Day Collisions
The NVIDIA Triton Inference Server became the competition’s crucible for a persistent conundrum in security: N-day vulnerabilities. Both Summoning Team’s Sina Kheirkhah and Viettel Cyber Security (@vcslab) successfully exploited previously cataloged flaws (publicly known prior to the competition), which—per Pwn2Own’s rules—meant split rewards of $15,000 and 1.5 points each. While visible progress is being made in finding new zero-days, these collisions serve as stark reminders that real-world exploits often arise from unpatched, well-documented issues. Vendors, in this case NVIDIA, are urged to accelerate their remediation processes; anything less is an open invitation to attackers in the wild.
Analysis: What These Breaches Reveal
Windows 11: Persistent Exploitability Amid Enhanced Defenses
Despite the much-publicized improvements over Windows 10, including hardware security by default and the strengthening of features like Microsoft Defender and Application Guard, these exploits clarify that attackers remain one step ahead in niche scenarios. Chained vulnerabilities—where one minor bug is leveraged to prime the system for a major escalation—are particularly hard to defend against. These findings are likely to accelerate Microsoft’s move toward adopting more aggressive memory safety initiatives (like adopting Rust for critical subsystems, a direction already publicly discussed by Microsoft engineers) and requiring rapid patch deployment via Windows Update.
Red Hat Linux: The Importance of Patch Vigilance and Open Source Auditing
Linux distributions, despite open source transparency and wide community engagement, are not immune to critical flaws. The success of both an integer overflow and a UAF/information leak attack chain should spark debate about the need for ongoing security audits of legacy code and more assertive vulnerability management in enterprise environments. While Red Hat is celebrated for its rapid patch cycles and strong vulnerability disclosure programs, customers need to be just as diligent about applying patches to close the window of exposure.
Virtualization and Container Escapes: A Continuing Arms Race
The compromised state of both VirtualBox and Docker Desktop underscores the reality that isolation—whether via hypervisors or container engines—remains a moving target. Attackers are increasingly sophisticated in seeking obscure bugs deep within the stack, often relying on decades-old kernel pathways or recently introduced features that have not yet been thoroughly vetted. For organizations that rely on nested virtualization and containerization for multi-tenant computing, these exploits suggest that defense-in-depth must extend beyond software controls, incorporating hardware root of trust, runtime behavioral analytics, and aggressive segmentation.
AI and the New Attack Surface
The debut of the AI exploit category is more than symbolic. As AI models become centralized services, manipulating business processes and influencing decision-making, their supporting infrastructure becomes an irresistible target. The successful breach of Chroma—even if limited in scope—should serve as an early warning for the industry to prioritize research into adversarial machine learning, robust model validation, and comprehensive threat modeling for the AI stack.
N-Day Vulnerabilities: A Lingering Achilles Heel
Perhaps the most troubling thread running through Day 1 was the continued prevalence—and exploitability—of N-day bugs. While zero-days get the headlines, the fact that attackers can so reliably chain together older, publicly documented flaws speaks volumes about the state of patch hygiene across the industry. It is clear that speed of disclosure must be matched by speed in remediation. Vendors must invest in end-to-end vulnerability management, and customers should prioritize automated patching where feasible.
Pwn2Own’s Competitive Structure and Ethical Impact
It’s important to note that Pwn2Own serves as much as a proving ground as a public service. By rewarding hackers who responsibly disclose their discoveries, the event helps shift the economics of vulnerability research away from the black market. The scoring, with Master of Pwn points, keeps the competition fierce, while the monetary prizes ensure the best talent remains engaged on the ethical side of the fence.
Currently, STAR Labs holds the early lead for Master of Pwn, but with several days of competition remaining, the field remains wide open. The competitive spirit not only pushes participants to find increasingly sophisticated bugs but almost gamifies the global improvement of software security.
Critical Strengths and Notable Risks
Strengths Highlighted
- Rapid vulnerability discovery: Pwn2Own uncovers and responsibly reports impactful zero-days at a pace that would otherwise be unusual for commercial bug bounty programs.
- Vendor responsiveness: The event creates a high-pressure scenario for vendors to rapidly release fixes, decreasing real-world exploitability windows for end users.
- Diversity of platforms tested: From Windows to Linux, Docker to AI-specific targets, the competition provides a holistic view of what’s at risk, highlighting systemic patterns rather than isolated events.
Persistent Risks
- Patch lag: N-day collisions demonstrate that even after public disclosure, many organizations are slow or unable to apply critical security fixes. This “patch lag” is perhaps as dangerous as undisclosed vulnerabilities.
- Complex exploit chains: The sophistication of attack chains means that partial mitigation—fixing only one out of several chained bugs—will often fail to protect users. Holistic approaches to vulnerability management, including defense-in-depth, are vital.
- Expanding attack surfaces: With containers, virtualization, and especially AI systems being targeted, the attack surface for modern IT infrastructure is growing, and many organizations lack the specialized expertise required to secure these fronts.
- AI as a new frontier: The AI exploit marks a paradigm shift: adversaries are already adapting to target AI infrastructure, where consequences can be far-reaching, from data leaks to biased automation outcomes.
Responsible Disclosure and the Path Forward
The broader lesson here is that no operating system, no virtual machine, and no AI framework can afford to rest on security laurels. Pwn2Own demonstrates the necessity for proactive, not reactive, approaches to software assurance. Moving forward, expect the following downstream effects:
- Faster vendor patching: Face-saving incentives for vendors will likely see accelerated patch development and deployment for all products breached during Pwn2Own.
- Public awareness: Major breaches of household names like Windows and Red Hat will prompt increased scrutiny from both enterprise stakeholders and the media, fueling calls for more robust endpoint security and even regulatory attention.
- Deeper security research in AI: As AI models and their ecosystems become more deeply tethered to core business processes, targeted security research and red teaming exercises will proliferate in response.
Conclusion: A Call to Sustained Vigilance
Day 1 of Pwn2Own Berlin 2025 has already set the tone for a year of reckoning. The breakdown of trusted boundaries in Windows 11, Red Hat Linux, Oracle VirtualBox, and Docker Desktop—plus the landmark crossing into AI system hacking—lays bare a simple truth: the race between attackers and defenders is only intensifying. The only sustainable answer is an ecosystem-wide commitment to transparency, speed, and shared accountability.
For end-users and enterprises alike, the event is a timely nudge to double down on automated patch management, defense-in-depth, and continual user education. For vendors, it’s a reminder that innovation in software features must be matched by innovation in software defense—lest the next zero-day comes not from a conference stage, but from a well-funded cybercriminal quietly testing their exploits in the wild.
Source: CybersecurityNews Windows 11, Red Hat Linux, & Oracle VirtualBox Hacked - Pwn2Own Day 1