When the doors opened on the first day of Pwn2Own Berlin 2025, few could have predicted just how quickly and decisively some of the world’s most widely used enterprise operating systems would fall to the creative might of leading security researchers. Within hours, Windows 11 and Red Hat Enterprise Linux had each been breached with zero-day exploits—demonstrating, yet again, that even today’s most advanced, security-hardened platforms can still harbor undetected vulnerabilities. As the dust settled, participants had already walked away with $260,000 in rewards, and the information security landscape was left with critical lessons and urgent challenges.

The Scene: Pwn2Own Berlin 2025

Organized by the Zero Day Initiative (ZDI) and hosted at OffensiveCon in Berlin, this year’s Pwn2Own competition focused squarely on enterprise technologies. Running from May 15–17, the event drew seasoned exploitation teams, independent researchers, and vendor representatives. New for 2025 was the introduction of an Artificial Intelligence category, reflecting the growing corporate uptake of AI-powered tooling—and its associated attack surface.
Over three days, participants would target a robust suite of enterprise infrastructures, including fully patched instances of Windows 11, Red Hat Enterprise Linux for Workstations, Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Docker Desktop, web browsers like Mozilla Firefox and Chrome, and even bench-top units of the latest Tesla vehicles.
A key hallmark of the event: Pwn2Own’s “full patch” requirement. Researchers must demonstrate working exploits on products that have been updated to the latest available security fixes. This ensures that the vulnerabilities revealed are previously undisclosed, also known as “zero-days”, and are likely present on systems in active use around the globe.

Major Victims: Windows 11 and Red Hat Linux Compromised

Red Hat Enterprise Linux for Workstations

The very first demonstration of the competition saw the DEVCORE Research Team—specifically, "Pumpkin"—break local privilege escalation protections on Red Hat Enterprise Linux by successfully exploiting an integer overflow vulnerability. The exploit, which enabled the researchers to elevate privileges from a standard user to root access (the highest level of control on Linux systems), earned the team $20,000. This attack typifies a class of flaws where arithmetic errors during software operations crash through security boundaries, particularly sinister because they can lurk beneath complex system layers for years before discovery.
Not long after, researchers Hyunwoo Kim and Wongi Lee showcased a different approach to subverting Red Hat Linux, this time by chaining a use-after-free bug with an information leak. As the duo chained these low-level flaws together, they too secured root privileges, though their payout was affected by what the community calls a "bug collision." One of the bugs exploited was not entirely novel—a so-called “N-day” vulnerability—dropping the uniqueness (and thus the bounty) of their overall demonstration.

Windows 11: A Trio of Prizes

Microsoft’s flagship desktop OS, Windows 11, did not fare much better. Chen Le Qi from Singapore-based STARLabs SG was awarded $30,000 for an exploit chain that combined a use-after-free bug with an integer overflow, ultimately escalating privileges to SYSTEM, which is functionally equivalent to root in the Windows world. SYSTEM-level privileges are the most coveted by attackers, permitting blanket access to files, security settings, and sensitive secrets.
But Windows 11 was not breached just once. Marcin Wiązowski later exploited an out-of-bounds write vulnerability—a type of bug where the attacker writes data outside the allocated memory boundary, potentially altering program execution or seizing control of the underlying system. Hyeonjin Choi followed suit, demonstrating a type confusion zero-day, a complex category of memory safety errors arising when a program mistakenly interprets data as the wrong type—often with catastrophic consequences.
Each of these attacks, demonstrated in front of both judges and vendor representatives, underscores a persistent weakness in even the latest iterations of Windows’ security architecture: the enduring prevalence of memory safety issues.

Virtualization, Containers, and Cloud-Native Risks

Escaping the Sandbox: Oracle VirtualBox and Docker Desktop

Outside of traditional operating system targets, virtualization and containerization products came under direct fire—categories of technology often assumed to be inherently more secure due to their isolation mechanisms.
Team Prison Break earned $40,000 by using an integer overflow vulnerability to break out of Oracle VirtualBox, the widely used open-source virtualization platform. Successful “VM escapes” are serious; they allow code running inside a supposed “contained” environment to execute commands against the host operating system, drastically expanding the scope and impact of a compromise.
In an equally notable win, STARLabs SG's Billy and Ramdhan were awarded $60,000 for exploiting Docker Desktop, the go-to containerization solution for developers and enterprises. By chaining a fresh use-after-free zero-day, they managed to break beyond Docker’s container boundaries, executing code directly on the underlying host OS. This feat is a sobering reminder to DevOps and IT administrators: segmentation and virtualization technologies are not foolproof, and maintaining strong defense-in-depth strategies is still essential.

AI and Enterprise Application Security: Emerging Frontiers

Summoning Team’s Sina Kheirkhah captured further attention—and $35,000—by demonstrating a zero-day named “Chroma” in conjunction with an already known security gap in Nvidia’s Triton Inference Server. As enterprises increasingly rely on GPU-accelerated deep learning inference platforms for AI workloads, vulnerabilities in such infrastructure could provide powerful entry points for attackers — especially when it comes to manipulating or extracting sensitive AI models and data.
With the AI category now a fixture at Pwn2Own, similar high-stakes exploits are anticipated, aimed both at underlying machine learning infrastructure and the applications built atop it.

Prize Money, Leaderboards, and the Path to Patching

On just the first day, the leaderboard reflected accumulated awards of $260,000—proof not only of the event’s prestige but also of the collective focus and expertise of the world’s top vulnerability researchers. The full award pool for this year’s Berlin event stretched beyond $1 million in cash and prizes, including opportunities to target high-profile categories such as:
  • Web browsers (Mozilla Firefox, Chrome)
  • Virtualization platforms (VMware ESXi, Oracle VirtualBox)
  • Cloud-native and containerization products (Docker, Kubernetes)
  • Server and enterprise applications (Microsoft SharePoint)
  • AI platforms
  • Automotive targets (2024–2025 Tesla Model 3/Y bench-top units)
Interestingly, while both the 2024 Tesla Model 3 and the newer Model Y vehicles were available for attack, no research teams attempted to demonstrate exploits on these automotive platforms on the first day—a possible reflection of the complexity or risk associated with these targets, or the immense preparation typically needed to breach modern automotive security systems.

Zero-Day Disclosure and Patch Timelines

A defining feature of Pwn2Own is its responsible disclosure principle. All demonstrated exploits are immediately disclosed to the affected vendors—Microsoft, Red Hat, Oracle, Nvidia, and others—who then have 90 days to develop and release appropriate security fixes before the vulnerability details are made public. This 90-day “patch window” is now an accepted industry standard, balancing the need for rapid hardening of widely used software without exposing end users to immediate risk.
Enterprises and administrators should heed the lessons from this competition: the threat landscape is dynamic, not static. Being fully patched—while mandatory—is not an ironclad shield; unknown vulnerabilities persist and can be harnessed by both well-intentioned researchers and malicious attackers.

Critical Analysis: Strengths and Risks

Notable Strengths

  • Ongoing Security Investment by Vendors: The presence of vendor representatives at Pwn2Own, quick acknowledgment of disclosed bugs, and commitment to rapid patch turnaround are all evidence of the maturity of today’s security response processes.
  • Researcher Creativity and Collaboration: Many of the successful exploits involved multi-stage chains, demonstrating a profound understanding of complex systems and a willingness to build upon, and share, technical knowledge.
  • Robustness in Public Disclosure: The competition format ensures that newly discovered vulnerabilities rapidly find their way to the vendors best placed to fix them—rather than languishing in underground marketplaces or being exploited in the wild.

Significant Risks

  • Persistence of Memory Safety Bugs: The repeated exploitation of use-after-free, type confusion, integer overflow, and out-of-bounds write vulnerabilities—across both Windows and Linux—highlights enduring systemic weaknesses. Despite decades of investment in compiler hardening, sandboxing, and runtime checks, memory safety remains the software industry’s Achilles' heel.
  • Attack Surface Expansion: As enterprises and vendors expand their reliance on complex supply chains (containers, virtualization, AI-powered decision engines), the attack surface grows—sometimes exponentially. Attacks that cross security boundaries, such as VM or container escapes, demonstrate how a single lapse can cascade into much broader compromise.
  • Potential for Bug Collisions and N-Day Vulnerabilities: The “bug collision” affecting Hyunwoo Kim and Wongi Lee’s Red Hat exploit reveals a messy reality: not every “new” vulnerability is truly novel, and coordination between bug bounty programs and vendor advisories remains imperfect. N-day exploits still represent real threats, especially if patches are not universally and swiftly deployed.
  • Unverifiable Claims and Opacity: While Pwn2Own prizes responsible disclosure and public accountability, not every exploit demonstrated can be independently verified until vendors release advisories or proof-of-concept code becomes available. For time-sensitive or high-risk bugs, the window between demo and patch can be a period of heightened risk—particularly for highly motivated attackers.

Lessons for Enterprises and Users

For defenders, the message is clear: patching must be relentless, but so too must be efforts to deploy mitigation layers, intrusion detection, and ongoing monitoring of all endpoints and cloud environments. No single product is immune, no matter how recent its last security update. Privilege escalation, sandbox escapes, and memory corruption bugs remain among the most lucrative and dangerous classes of vulnerabilities, as proven yet again at Pwn2Own Berlin.
Organizations should:
  • Implement a robust vulnerability management and patching process, prioritizing critical infrastructure.
  • Invest in modern endpoint protection and detection tools capable of identifying post-exploitation activity.
  • Stay informed of new security advisories—especially within the “patch window” following major competitions.
  • Consider additional safeguards such as sandboxing, application whitelisting, least-privilege configurations, and regular security training for administrators and developers alike.

The Road Ahead: Will Security Win the Arms Race?

Each year, Pwn2Own acts as both a wake-up call and a barometer for the state of software and platform security. The fact that the best-defended enterprise operating systems and virtualization stacks can be breached in minutes—with live demos in front of a panel of judges and peers—demonstrates the relentless ingenuity of the security research community.
Yet, these same demonstrations also drive progress: vendors rush patches to market, mitigations are enhanced, and architectural investments (such as hardware-backed isolation and memory-safe programming languages) are prioritized. The $1 million+ prize pool serves as both carrot and stick—rewarding disclosure, deterring malicious abuse.
As the event heads into its final day, with researchers poised to tackle everything from web browsers and cloud-native platforms to AI engines and automotive stacks, the eyes of the industry are firmly fixed on every exploit chain that lands. For every system breached in Berlin, millions of endpoints worldwide could soon see strengthened lines of digital defense—if, and only if, enterprises and individuals respond swiftly and decisively.

Final Thoughts

Pwn2Own Berlin 2025’s first-day results confirmed an unsettling truth: even flagship software from industry titans like Microsoft and Red Hat remains vulnerable to determined, well-equipped attackers. The ongoing escalation in both complexity and stakes—across desktops, clouds, AI, and even cars—demands that vendors, enterprises, and end users alike take security more seriously than ever before.
By shining a light into the darkest corners of enterprise infrastructure, Pwn2Own propels the entire ecosystem forward. But the arms race between exploit and patch continues—just as fierce, just as critical, as ever.

Source: BleepingComputer, “Windows 11 and Red Hat Linux hacked on first day of Pwn2Own”
 

The fierce spotlight of the global cybersecurity stage turned to Berlin as Pwn2Own 2025 began, immediately making headlines with high-profile, real-world exploitation of Windows 11, Red Hat Linux, and VirtualBox. Security researchers proved once more that no system, regardless of vendor reputation or claimed isolation, is impervious when subjected to the scrutiny of the world’s most talented vulnerability hunters. With $260,000 in prize money awarded on the opening day alone, the contest has not just exposed deep technical flaws but also fueled urgent conversations about the state of modern operating system and virtualization security.

Breaking Down the Day 1 Exploits

Windows 11: Chained Vulnerabilities Expose Weakness

Pwn2Own’s first day saw not one but three distinct privilege escalation attacks succeed against Microsoft’s Windows 11—an uncomfortable reminder of the fragility even in the company’s flagship OS version.

Multi-Stage Exploit Chains

Chen Le Qi from STARLabs SG combined a classic use-after-free (UAF) vulnerability with an integer overflow to breach Windows 11’s privilege boundaries and reach SYSTEM access. This sophisticated attack, which netted the researcher $30,000, demonstrated a core truth in modern exploit development: attackers rarely rely on a single bug, but instead string memory corruption weaknesses together for maximum effect.
Memory corruption vulnerabilities such as use-after-free have long haunted software vendors. These occur when a program continues to use a block of memory after it has been freed, leading to unpredictable and exploitable behavior. Integer overflows, meanwhile, allow attackers to manipulate calculations in ways that can, for instance, bypass buffer checks or trigger controlled overflows—a frequent precursor to memory corruption.
Critically, Chen’s exploit represents a classic one-two punch. By chaining a UAF with an integer overflow, the attacker sidestepped mitigations that might block a single-class vulnerability, highlighting the need for defense-in-depth approaches and, ultimately, more aggressive memory safety improvements.

Diversity of Attack Surfaces

Equally alarming, these weren’t isolated incidents or repeat bugs. Marcin Wiązowski exploited an Out-of-Bounds Write—a separate mechanism by which attackers overwrite memory locations outside a designated buffer—to likewise achieve SYSTEM privileges. Out-of-Bounds Writes are notorious for their versatility: depending on where and what gets overwritten, attackers can hijack control flow, escalate privileges, or crash systems, leading to potential denial of service or more subtle persistent attacks.
Rounding out the day was Hyeonjin Choi of Out Of Bounds, whose use of a type confusion bug once again escalated privileges. Type confusion occurs when code incorrectly assumes that an object is of one type when it is actually of another—an error that, in C++-heavy codebases like the Windows kernel, remains stubbornly prevalent. These bugs can allow an attacker to write controlled values to sensitive memory locations, bypassing normal privilege boundaries.
Together, the diversity of successful exploit classes on display (use-after-free, integer overflow, out-of-bounds write, type confusion) underlines a pressing reality: Windows 11, while improved upon past OS generations, still exposes a wide, and at times overlapping, attack surface for low-level exploitation.

Broader Implications for Windows Security

If Microsoft’s rapid deployment of fixes post-Pwn2Own is historically any guide, patching is imminent. But repeated privilege escalations—especially when achieved through different classes of vulnerabilities—signal systemic issues that can’t be stamped out with point updates alone. The onus is on Microsoft not simply to plug individual holes but to address underlying structural causes, such as inadequate memory safety and insufficient compartmentalization within the Windows kernel and core services.
Notably, Microsoft in recent years has been exploring memory-safe languages and mitigation technologies, such as Control Flow Guard and hardware-enforced stack protection. But these results will likely intensify calls for Microsoft to migrate critical components out of C/C++ and into safer alternatives, or to harden legacy code to a much higher standard.

Linux Under Fire: Red Hat’s Vulnerabilities Laid Bare

The belief that “Linux is more secure” receives periodic correction during top-tier hacking contests, and this year’s Pwn2Own was no exception. Red Hat Linux, prized for its role in enterprise and cloud infrastructure, saw privilege escalation attacks land from multiple research teams.

Integer Overflows: Still a Persistent Threat

Pumpkin from the DEVCORE Research Team exploited an integer overflow to move from unprivileged to privileged access, earning $20,000 in the process. Integer overflows remain a mainstay of memory-unsafe code—sometimes dismissed as low-complexity bugs, but as modern exploit chains repeatedly prove, they are potent initial footholds for more advanced attacks.

Information Leaks and Use-After-Free Chains

The Theori team’s combined attack—leveraging an information disclosure bug paired with a use-after-free—achieved root-level access on Red Hat Linux. Even though some aspects of their exploit overlapped with known vulnerabilities (a so-called “bug collision”), their approach nonetheless exposed a key truth about kernel exploitation: attackers can combine minor leaks or info disclosures with more severe vulnerabilities to bypass critical security controls, demonstrating that no bug exists in isolation.
The payout, albeit reduced to $15,000 due to the overlap with previous reports, underlines the competition’s recognition of both novelty and technical excellence, while reinforcing the persistent risk that memory-unsafe code brings to even security-hardened distributions.

Systemic Risks in Linux Kernel Security

These exploits also amplify ongoing debates within the Linux community about the limitations of existing mitigations, such as Kernel Address Space Layout Randomization (KASLR), stack canaries, and the increasing complexity of defending large and aging codebases. Despite past improvements, these findings reveal that the Linux kernel still harbors a plethora of exploitable weaknesses, many of which stem from legacy code still written in C and C++.

Virtualization Escapes: The Breaking of Isolation Promises

Beyond operating systems, Pwn2Own targeted the increasingly critical layer of virtualization, which underpins secure cloud services, desktop sandboxes, and modern containerized workflows.

VirtualBox Hypervisor Breach

In one of the day’s most lucrative and technically dramatic demonstrations, Team Prison Break escaped from Oracle VirtualBox using an integer overflow vulnerability. By triggering a flaw in how VirtualBox handles arithmetic operations, they managed to jump out from within the guest VM environment and execute code on the host OS—a “hypervisor escape” scenario dreaded by cloud providers and enterprise security teams alike. This exploit, which earned a $40,000 payout, showcases the grave risks posed when even a single sandboxing layer can be bypassed by a vulnerability in the hypervisor code.
VirtualBox is widely used for desktop virtualization, but its role as a reference platform means any found vulnerabilities echo throughout the broader virtualization space. Oracle, for its part, usually responds quickly to publicized flaws—but the exploit’s public disclosure should drive immediate patching by VirtualBox users everywhere.

Docker Desktop Container Escape

Topping the payout chart, however, was the Docker Desktop escape achieved by Billy and Ramdhan of STAR Labs. By capitalizing on a Linux kernel use-after-free vulnerability, they demonstrated code execution on the host machine directly from within a container—effectively breaking one of the core isolation guarantees of modern DevOps and cloud architectures.
The $60,000 reward for this feat is as much recognition of the practical severity as the technical creativity involved. Containers, sold as lightweight alternatives to virtual machines, depend on robust kernel isolation; yet, as attackers repeatedly prove, a container is only as secure as the underlying kernel. If that boundary fails, the compromise can cascade across applications, user data, or even entire clustered deployments.
As with other kernel-level attacks, this exploit shines a spotlight on the need for both more frequent updates in production environments and a cultural shift towards adopting kernel-hardening mechanisms, such as SELinux, AppArmor, and system call filtering, wherever possible.

The Dawn of AI Security Exploitation

While the kernel and hypervisor exploits dominated prize payouts, history was made with the first successful entry in the competition’s new AI category. Sina Kheirkhah of the Summoning Team compromised “Chroma,” setting a precedent for AI-centric security research.

AI Systems: The New Attack Surface

The rise of AI-integrated applications and frameworks opens a vast new attack surface. Questions are multiplying about the security implications of model inference, prompt injection, data leakage, and the potential for model manipulation to cause real-world damage. Kheirkhah’s exploit demonstrates that attackers are beginning to pivot their focus towards AI components—some of which may be poorly monitored or lack mature defense mechanisms.
With little detail yet public on the specific exploit path against Chroma, this event nonetheless suggests the cybersecurity community must rapidly upskill for a future where AI-centric bugs join the familiar ranks of memory corruption and logic errors. AI safety and security, once the domain of academic speculation, is now live ammunition for skilled attackers.

Master of Pwn: The STAR Labs Ascendancy

No less notable than the individual exploits is the emergence of STAR Labs as early competition leaders. Scoring across multiple categories (from Windows 11 privilege escalation to Docker escapes), the team’s sweep highlights not just technical ability but refined process—bug hunting, exploit development, and public demonstration all on a tight schedule.
Their string of wins also acts as a bellwether for the broader industry: coordinated vulnerability disclosure, clear communication, and responsible handling by affected vendors remain essential to translating contest findings into real-world security benefits.

Key Takeaways: Why Pwn2Own Still Matters

Immediate Vendor Patch Response, but No Silver Bullets

One of the most consistent outcomes of past Pwn2Own contests is rapid, often days-later, patching from the targeted vendors. Yet the diversity of bug classes exploited—memory corruption, logic bugs, privilege escalation chains—signals that reliance on quick fixes alone is short-sighted. More must be done upstream in software development, including offensive security research, secure-by-default design, and the incremental migration to memory- and type-safe codebases.

The Human Factor Remains Critical

The Master of Pwn title, year after year, is not decided by automated tools, but by the creativity and persistence of human researchers. The existence of these prize-winning exploits makes clear: as defenders raise the bar, attackers adapt and find new patterns. The ongoing investment in security researchers—their incentives, tools, and collaboration with vendors—remains a cornerstone of practical security progress.

Risk Beyond the Headline: Supply Chain and Cloud Implications

VirtualBox and Docker escapes, in particular, underline a looming risk for cloud-integrated and supply-chain-dependent organizations. When virtual layered defenses fail—especially at the host or kernel level—the cascading impact can affect not just a single user or department, but potentially millions through multi-tenant cloud platforms or production environments.

AI Security: The Next Horizon

With AI now officially recognized as a hacking contest category, defenders can expect a tidal wave of research, new vulnerabilities, and calls for formalization of AI security standards. While Pwn2Own’s early AI exploits are just the beginning, they portend a future where language models, data pipelines, and decision engines will be routine security targets.

Analysis: Strengths and Ongoing Risks

Notable Strengths Identified

  • Rapid, Coordinated Disclosure: Both independent researchers and formal teams have demonstrated an exceptional commitment to responsible disclosure, working in tandem with affected vendors to ensure timely mitigations.
  • Technical Depth: The breadth of exploit classes, from memory corruption to logic errors to AI manipulation, demonstrates a rising tide of technical sophistication on both sides of the security equation.
  • Industry Response: Vendors, for the most part, treat Pwn2Own vulnerabilities with appropriate urgency, making the competition an important real-world driver of product security improvement.

Unresolved and Emerging Risks

  • Memory-Unsafe Code Legacy: Nearly every major exploit relied on vulnerabilities preventable by adoption of memory-safe languages and robust software engineering practices. The legacy of C and C++ in the kernel, OS utilities, and hypervisors is a wellspring of future risk.
  • AI Attack Surface Unfamiliarity: As AI comes under direct attack, many organizations lack the tools, skills, or playbooks to adequately assess and remediate these novel categories of bugs.
  • Virtualization and Container Weaknesses: As practical attacks against Docker and VirtualBox multiply, organizations relying on virtual isolation as their main defense should urgently revisit their threat models, ensuring defense in depth with regular kernel and hypervisor updates.
  • Patch Gaps: While vendor reflexes are improving, patch adoption in the field—especially in enterprise or regulated environments—remains uneven. Public demonstration does not guarantee real-world remediation until patches are both released and broadly deployed.

Conclusion: Pwn2Own’s Living Laboratory

Far from technical theater, the first day of Pwn2Own Berlin 2025 functioned as a living laboratory for the next generation of security challenges. Windows 11, Red Hat Linux, VirtualBox, and now AI frameworks all saw their defenses cracked under the pressure of live-fire attacks. For defenders, the message is both sobering and inspiring: the adversary is constantly evolving, and the path to a safer future lies not in wishful thinking, but in relentless, meticulous improvement—of code, culture, and collaboration.
As day two promises even more high-caliber demonstrations, all eyes in the security world are on Berlin. Whether you’re a sysadmin, developer, or policymaker, the lessons of Pwn2Own—collaboration, transparency, and refusing to grow complacent—remain the most reliable safeguards against the unseen threats of tomorrow.

Source: GBHackers News, “Pwn2Own Day 1 - Windows 11, Red Hat Linux, & Oracle VirtualBox Hacked”
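
The bug class both posts describe, an integer overflow that lets a length calculation slip past a buffer check, shown beside a hardened check. This is an added example, not part of either post and not related to any exploit demonstrated at the event; the record format, `ELEM_SIZE`, `OUT_CAP` and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ELEM_SIZE 16u    /* bytes per element in the constructed record format */
#define OUT_CAP   4096u  /* capacity of the destination buffer */

/* Flawed check: the product is computed in 32-bit unsigned arithmetic and
 * wraps modulo 2^32, so a huge count can yield a small "total" that passes. */
static bool size_check_wrapping(uint32_t count)
{
    uint32_t total = count * ELEM_SIZE;
    return total <= OUT_CAP;
}

/* Hardened check: validate count against limit / ELEM_SIZE first, so the
 * multiplication only happens once it is known not to exceed limit. */
static bool size_check_safe(uint32_t count, size_t limit, size_t *total)
{
    if (count > limit / ELEM_SIZE)
        return false;
    *total = (size_t)count * ELEM_SIZE;
    return true;
}

/* Parse a constructed record: [u32 little-endian count][count * ELEM_SIZE bytes].
 * The payload must fit both the bytes actually received and the output buffer.
 * Returns the number of bytes copied, or -1 if the record is rejected. */
static long parse_record(const uint8_t *msg, size_t msg_len,
                         uint8_t *out, size_t out_cap)
{
    if (msg_len < 4)
        return -1;
    uint32_t count = (uint32_t)msg[0] | ((uint32_t)msg[1] << 8) |
                     ((uint32_t)msg[2] << 16) | ((uint32_t)msg[3] << 24);
    size_t avail = msg_len - 4;
    size_t limit = avail < out_cap ? avail : out_cap;
    size_t total;
    if (!size_check_safe(count, limit, &total))
        return -1;
    memcpy(out, msg + 4, total);
    return (long)total;
}

int main(void)
{
    /* Constructed inputs: count = 2 with 32 payload bytes, and
     * count = 0x10000001, whose 32-bit product with 16 wraps to 16. */
    uint8_t good[4 + 32] = { 0x02, 0x00, 0x00, 0x00 };
    uint8_t wrap[4 + 16] = { 0x01, 0x00, 0x00, 0x10 };
    uint8_t out[OUT_CAP];
    size_t total = 0;

    printf("wrapping check accepts 0x10000001: %d\n",
           size_check_wrapping(0x10000001u));
    printf("safe check accepts 0x10000001:     %d\n",
           size_check_safe(0x10000001u, OUT_CAP, &total));
    printf("parse good record: %ld\n",
           parse_record(good, sizeof good, out, sizeof out));
    printf("parse wrapped record: %ld\n",
           parse_record(wrap, sizeof wrap, out, sizeof out));
    return 0;
}
```

The flawed function only reports what the check would decide; no out-of-bounds copy is performed anywhere in the block.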
 
