Pwn2Own 2025: When Security Researchers Break Everything (And Why That's Good)
TL;DR
Three Pwn2Own competitions in 2025 (Tokyo, Berlin, Cork) resulted in 150 zero-day vulnerability disclosures across automotive, enterprise, and consumer IoT systems, with $2,989,750 awarded to researchers.
Key findings:
- Memory corruption (45%): 68 instances of buffer overflows (CWE-787, CWE-121/122), use-after-free (CWE-416), integer overflows (CWE-190), and type confusion (CWE-843)
- Injection attacks (30%): 45 instances of command injection (CWE-78) and format string vulnerabilities (CWE-134)
- Authentication failures (13%): 20 instances including hard-coded credentials (CWE-798), missing authentication (CWE-306), and authentication bypasses (CWE-287)
Notable exploits:
- First successful VMware ESXi compromise in Pwn2Own history using integer overflow (CWE-190)
- Tesla Wall Connector five-stage attack chain through charging cable (CVE-2025-8321)
- Alpine Electronics refusing to patch CVE-2024-23924 command injection, citing ISO/SAE 21434 “acceptable risk”
The persistence of decades-old vulnerability classes in modern systems indicates systemic failures in secure development practices. The coordinated disclosure model prevents these vulnerabilities from being weaponized by threat actors before patches are available.
What Is Pwn2Own, Anyway?
If you’re new here, let me paint you a picture: Pwn2Own is basically the Olympics of ethical hacking, except instead of medals, you get cash prizes and bragging rights. Security researchers from around the world compete to find and exploit zero-day vulnerabilities - that’s security-speak for “bugs the vendors don’t even know exist yet.”
The format is beautifully simple: get on stage, demonstrate a working exploit, beat the clock. Success means you walk away with cash (we’re talking six figures sometimes), you keep the device you just demolished, and most importantly, the vendor gets a 90-day heads-up to fix things before it goes public. It’s hacking, but the good kind - the kind that actually makes your devices more secure.
2025’s competition spanned three events across the globe, and each one had its own flavor of chaos.
The 2025 Events: From Tokyo to Cork
Pwn2Own Automotive (Tokyo, January 22-24)
Tokyo kicked things off with automotive-focused absolute mayhem. We’re talking $886,250 in prizes for 49 zero-day vulnerabilities - all targeting Tesla systems, in-vehicle infotainment units, and EV chargers.
The star of the show? Iranian researcher Sina Kheirkhah, who absolutely dominated and walked away with $222,250 as Master of Pwn. My favorite part? For the second year in a row, he made an EV charger display dancing Rick Astley. I mean, if you’re going to hack an EV charger, you might as well Rick Roll it, right?
Plot twist: Pwn2Own Vancouver didn’t happen this year. CanSecWest decided to pivot and focus on LLM safety challenges instead. The times, they are a-changin'.
Pwn2Own Berlin (May 15-17)
Berlin brought the heat with enterprise-focused attacks. This event made history for two massive reasons: it introduced the first-ever AI infrastructure category (hello, future), and researchers pulled off the first successful VMware ESXi exploitation in Pwn2Own history. Let that sink in - ESXi has been the white whale of Pwn2Own for years.
They handed out $1,078,750 for 28 unique zero-days spanning virtualization platforms, browsers, operating systems, and AI systems. Singapore’s STAR Labs absolutely crushed it, taking home $320,000 and the Master of Pwn crown.
Pwn2Own Ireland (Cork, October 21-24)
The grand finale went down at Trend Micro’s Cork offices, where consumer IoT and mobile devices got absolutely demolished. This competition wins the prize for sheer volume: 73 unique zero-days (the highest count of any 2025 event) with $1,024,750 in prizes.
Here’s a wild one: Meta put up a record $1 million bounty for a WhatsApp exploit. Team Z3 had a zero-click exploit but withdrew it, choosing private disclosure instead of the public demo. Meanwhile, The Summoning Team grabbed Master of Pwn by wrecking NAS devices, smart home systems, and mobile phones left and right.
Combined Statistics:
- Total prizes: $2,989,750
- Zero-days found: 150
- Countries represented: 13+
- Lesson learned: Everything is hackable
The Vulnerabilities: Let’s Talk About What Broke
Alright, now we’re getting to the good stuff. I’ve organized these by vulnerability type, starting with the absolute headliners that had the security community losing their minds.
🔥 The Headliners: Stories That Made Waves
VMware ESXi: The Hypervisor That Finally Fell
- Who: Nguyen Hoang Thach (STAR Labs SG) and Corentin Bayet (Reverse Tactics)
- Prize: $150,000 and $112,500 respectively
- CWE: CWE-190 (Integer Overflow), CWE-457 (Use of Uninitialized Variable)
Okay, this was THE big one. VMware ESXi is the hypervisor running underneath countless enterprise servers worldwide - it’s literally the foundation that all those virtual machines sit on top of. It’s been battle-hardened for years. And nobody, I mean nobody, had ever successfully exploited it at Pwn2Own before this year.
Both teams used integer overflow vulnerabilities. Not familiar with those? Think of it this way: imagine a calculator that can only count to 999. When you add 1 to 999, instead of showing 1000, it wraps back around to 0. Seems harmless on a calculator, but in computer memory? This lets attackers write data where they absolutely shouldn’t, which eventually leads to code execution.
Here’s why you should care about ESXi being compromised:
- You can escape from ALL guest VMs at once
- You get access to sensitive data from every single VM on that host
- You can persist at the hypervisor level (meaning you survive VM resets - yikes)
- You could deploy ransomware at the infrastructure level
Ransomware groups have been salivating over ESXi for years. The good news? These researchers found it first, giving VMware a chance to patch before the bad guys catch up.
Tesla Wall Connector: Hacked Through the Charging Cable
- Who: Synacktiv (France)
- Prize: $45,000
- CVE: CVE-2025-8321
- CWE: CWE-798 (Hard-coded Credentials), CWE-306 (Missing Authentication), CWE-119 (Buffer Overflow), CWE-693 (Anti-rollback Failure)
This exploit was simultaneously beautiful and absolutely terrifying. Synacktiv pulled off a five-stage attack that got them full remote code execution through the actual charging connector. Yeah, you read that right.
Let me walk you through this masterpiece:
- Diagnostic access via charging cable - They used the Control Pilot line (a data wire in the charging cable) to chat with the charger’s embedded controller
- UDS Security Access bypass - Found and exploited a laughably weak XOR routine to get past authentication
- Firmware downgrade attack - Rolled back to an older, buggier firmware version (no anti-rollback protection? Really?)
- Buffer overflow in FreeRTOS - Hit a debug shell that was running without memory protections
- Wi-Fi credential extraction - Grabbed plaintext network credentials for long-term access
In plain English: they plugged in a modified cable, sweet-talked their way past security, installed ancient vulnerable firmware, exploited a memory bug, and walked away with your Wi-Fi password. All through the thing you use to charge your car every day.
The good news? Tesla patched this fast in firmware 24.44.3, adding proper anti-downgrade protections. But here’s the bigger picture: as EVs become more common, charging infrastructure is becoming a seriously juicy attack target.
Alpine Electronics: “We Choose Not to Fix This”
- CVE: CVE-2024-23924 (from 2024, still unpatched in 2025)
- CWE: CWE-78 (OS Command Injection)
Oh boy, here’s where things get spicy. Alpine’s iLX-507 in-vehicle infotainment system had a command injection vulnerability discovered way back in 2024. Multiple teams exploited it again in 2025 - not because they found something new, but because Alpine straight-up refused to patch it.
Wait, what? Yeah, you heard that right. Their reasoning? They classified it as an “acceptable risk” under the ISO/SAE 21434 automotive cybersecurity standard. Translation: “We know about it, we’ve decided not to fix it, and we found a standard that technically allows us to do this.”
The security community absolutely lost their minds over this, and for good reason. We’re talking about command injection in vehicle systems that could potentially:
- Allow unauthorized vehicle control (terrifying)
- Disable safety features (even more terrifying)
- Manipulate connected systems
- Enable fleet-wide attacks
Get this: six different research teams (SK Shieldus, STEALIEN Inc., CIS Team, ANHTUD, Sina Kheirkhah, Juurin Oy) exploited this same bug throughout 2025. They got reduced “collision” awards since it was already known, but the point stands - this vulnerability is known, exploitable, and unpatched.
The takeaway? ISO/SAE 21434 desperately needs a revision if it lets vendors indefinitely ignore critical security vulnerabilities in safety-critical systems. This isn’t okay.
💉 Injection Attacks: Still Working After All These Years
- Vulnerability Type: Command Injection, Code Injection, Format String
- Primary CWE: CWE-78 (OS Command Injection - #4 in CWE Top 25)
- Prevalence: ~45 instances (30% of all vulnerabilities)
Alright, let’s talk about injection attacks, because they absolutely dominated Pwn2Own 2025. We’re talking about roughly 45 instances - that’s 30% of all vulnerabilities found. They were everywhere: automotive systems, IoT devices, you name it.
What’s an injection attack? Glad you asked. Imagine going to a restaurant where you can write your order as “one burger AND delete the entire menu system,” and the kitchen just… does it. No questions asked. That’s essentially what an injection vulnerability is - the system blindly executes whatever you feed it, even the malicious parts.
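Here is the restaurant analogy in C, as an added example that is not code from any of the Pwn2Own targets or write-ups: a constructed "ping this host" feature built the vulnerable way (untrusted value pasted into a shell command line) beside the hardened way (allow-list the value, then exec without a shell). The function names and the sample inputs are constructed for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern: the untrusted value is pasted into a shell command line
 * that would be handed to system(). Everything the shell treats as syntax
 * (; | & $() ` and newlines) becomes part of the command, so the "order"
 * "example.com; id" is two commands. This helper only builds the string so
 * the reader can see what /bin/sh -c would receive; it never executes it. */
const char *unsafe_build_ping(const char *host) {
    static char cmd[512];
    snprintf(cmd, sizeof cmd, "ping -c 1 %s", host);
    return cmd;
}

/* Hardened step 1: allow-list the value against the shape it is supposed to
 * have (RFC 1123 hostname characters only). Reject anything else instead of
 * trying to escape it. A leading '-' is refused so the value cannot be parsed
 * as an option by the target program either. */
bool hostname_is_safe(const char *host) {
    size_t n = strlen(host);
    if (n == 0 || n > 253 || host[0] == '-') return false;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '-' && c != '.') return false;
    }
    return true;
}

/* Hardened step 2: never involve a shell. fork/execvp passes the argument
 * vector to the kernel as separate strings, so there is no command line for
 * the value to break out of. Returns ping's exit status, or -1 if the value
 * was rejected or the process could not be run. */
int safe_run_ping(const char *host) {
    if (!hostname_is_safe(host)) return -1;     /* rejected before any process exists */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", (char *)host, NULL };
        execvp("ping", argv);
        _exit(127);                             /* only reached if exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed inputs: a benign hostname and one carrying shell syntax. */
    const char *benign = "example.com";
    const char *hostile = "example.com; id";
    printf("shell would see: \"%s\"\n", unsafe_build_ping(hostile));
    printf("allow-list: %s -> %d, \"%s\" -> %d\n",
           benign, hostname_is_safe(benign), hostile, hostname_is_safe(hostile));
    printf("safe_run_ping(hostile) = %d (rejected, nothing spawned)\n",
           safe_run_ping(hostile));
    return 0;
}
```

The allow-list is deliberately narrow: validating against the expected format is the check, and exec without a shell is what makes the remaining metacharacters harmless even if validation is later loosened.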
The Worst Offenders
Automotive Infotainment Systems:
- Kenwood DMX958XR - Multiple teams (Viettel, Synacktiv, PHP Hooligans) exploited command injection. Synacktiv famously played Doom on the device during their demonstration.
- Sony XAV-AX8500 - PCAutomotive achieved a zero-click exploit chain (no user interaction required) combining heap overflow with authentication bypass.
EV Chargers:
- Phoenix Contact CHARX SEC-3150 - HT3 Labs combined missing authentication with OS command injection
- Multiple other charger manufacturers suffered similar vulnerabilities
NAS Devices:
- QNAP TS-453E (most targeted NAS device) - CyCraft Technology, Sina Kheirkhah, and others all found command injection bugs
- Synology devices - Multiple models fell to injection attacks
Smart Home Systems:
- Home Assistant Green - Rapid7, Viettel, and Team Neodyme all found command injection vulnerabilities
Format String: The Vulnerability From 1999
Get this: QNAP TS-453E also got hit with a format string vulnerability (CWE-134), discovered by DEVCORE. This vulnerability class is so old that most security professionals thought it was basically extinct - we’re talking late 90s/early 2000s stuff here.
The fact that we’re still finding these in 2025 embedded systems is honestly embarrassing. It’s a perfect example of how legacy code and nonexistent security reviews continue haunting the industry.
Why Injection Still Works
Here’s what drives me crazy: we’ve understood these vulnerabilities for decades. So why do they keep showing up?
A few unfortunate reasons:
- Legacy code - Old codebases that never got proper input validation in the first place
- Rapid development - IoT and automotive companies ship features fast, security… not so much
- Embedded systems - Limited resources mean “we’ll add security later” (narrator: they won’t)
- Supply chain chaos - Multiple vendors contributing code with zero consistent security standards
The impact? Severe doesn’t even begin to cover it. Command injection gives attackers complete system compromise with minimal effort. In cars, this is a safety nightmare. In NAS devices, it’s a ransomware dream come true.
🧠 Memory Corruption: The Gift That Keeps On Giving
- Vulnerability Types: Buffer Overflows, Use-After-Free, Integer Overflows, Type Confusion
- Primary CWEs: CWE-787 (Out-of-Bounds Write - #2 in CWE Top 25), CWE-416 (Use-After-Free - #9), CWE-121/122 (Stack/Heap Buffer Overflow)
- Prevalence: ~68 instances (45% of all vulnerabilities)
Memory corruption was the absolute heavyweight champion of Pwn2Own 2025. We’re talking about 68 instances - that’s 45% of all vulnerabilities discovered. Nearly half! These bugs happen when software written in memory-unsafe languages (looking at you, C and C++) doesn’t properly manage memory.
And before you ask: yes, we’ve known about these problems for decades. No, the industry hasn’t fixed them. Let’s dive in.
Buffer Overflows: The Classic Never Dies
What they are: Picture filling a cup with water but never stopping. The water overflows onto your table, your floor, everywhere. In computer memory, “overflowing” means writing past the end of your allocated space, potentially overwriting critical program data or straight-up injecting malicious code.
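The ESXi calculator analogy and the overflowing cup are the same bug seen from two sides, so here is one added example in C (not code from ESXi or any other Pwn2Own target) that shows both: a constructed "count of 64-byte entries" format whose size check is done with a 32-bit multiplication that wraps, beside the same check with overflow-checked arithmetic. The format, constants, sample buffers and function names are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format (not any real product's): a 4-byte little-endian
 * entry count followed by that many 64-byte entries. */
#define ENTRY_SIZE 64u

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The wrap itself: 0x04000001 * 64 = 0x1_0000_0040, which a 32-bit
 * multiplication truncates to 0x40 = 64. The "calculator" rolled over. */
uint32_t naive_payload_bytes(uint32_t count) {
    return count * ENTRY_SIZE;
}

/* Vulnerable pattern: the bounds check uses the wrapped product, so a header
 * claiming 67,108,865 entries passes "fits in the buffer" with only 64 bytes
 * present. Any later loop over `count` entries would then read and write far
 * past the end of the buffer: the cup overflows. Returns the count it would
 * have trusted, or -1 if the (broken) check rejected the input. */
long long naive_validate(const uint8_t *buf, size_t len) {
    if (len < 4) return -1;
    uint32_t count = read_le32(buf);
    uint32_t bytes = naive_payload_bytes(count);     /* may have wrapped */
    if (bytes > len - 4) return -1;
    return count;
}

/* Hardened pattern: detect the wrap before using the product, then do the
 * same bounds check on a number that is actually correct. */
long long checked_validate(const uint8_t *buf, size_t len) {
    if (len < 4) return -1;
    uint32_t count = read_le32(buf);
    uint32_t bytes;
    if (__builtin_mul_overflow(count, ENTRY_SIZE, &bytes)) return -1;  /* wrap detected */
    if (bytes > len - 4) return -1;                   /* honest bounds check */
    return count;
}

/* Constructed sample: header 0x04000001 followed by exactly 64 bytes. */
static const uint8_t kWrappedHeader[4 + 64] = { 0x01, 0x00, 0x00, 0x04 };
/* Constructed sample: header 2 followed by 128 bytes, i.e. a legitimate input. */
static const uint8_t kHonestHeader[4 + 128] = { 0x02, 0x00, 0x00, 0x00 };

int main(void) {
    printf("naive   trusts wrapped header: count=%lld\n",
           naive_validate(kWrappedHeader, sizeof kWrappedHeader));
    printf("checked rejects wrapped header: %lld\n",
           checked_validate(kWrappedHeader, sizeof kWrappedHeader));
    printf("checked accepts honest header:  count=%lld\n",
           checked_validate(kHonestHeader, sizeof kHonestHeader));
    return 0;
}
```

The same check written with `size_t` arithmetic on a 64-bit host would not wrap for this input, which is exactly why embedded firmware and 32-bit-sized protocol fields keep producing this bug class: the width of the arithmetic, not the width of the machine, decides whether the check is honest.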
The printer disaster:
- Canon imageCLASS MF654Cdw - This thing set a record with 8 unique exploits. Eight! More than any other device at the Ireland event. Teams found:
  - Heap-based buffer overflows (STARLabs, Team ANHTUD)
  - Stack-based buffer overflows (GMO Cybersecurity, DEVCORE Intern)
  - Out-of-bounds writes (PHP Hooligans)
  - Type confusion bugs (Team Cluck)
  - Integer overflows (Team Neodyme)
One printer. Eight completely different ways to break it. This suggests either catastrophically bad code quality, zero security review before shipping, or (most likely) both.
Lexmark CX532adwe also got wrecked multiple times. My personal favorite: Interrupt Labs loaded Doom on the printer’s LCD screen while establishing a reverse shell. Because if you’re gonna hack a printer, you might as well have fun with it.
EV Chargers:
- Autel MaxiCharger - Multiple buffer overflows (heap and stack) across different exploit chains
- ChargePoint Home Flex - Stack-based buffer overflow combined with known OCPP protocol bugs
- WOLFBOX Level 2 - Compromised through exploit chains that included use of uninitialized variables
Use-After-Free: The Tricky One
What it is: Imagine returning a rental car but keeping a copy of the keys. Later, you use those keys to access the car after someone else has rented it. In software, “use-after-free” means accessing memory that’s been deallocated, potentially reading sensitive data or corrupting program state.
CWE-416 appeared throughout Pwn2Own 2025:
- Windows 11 kernel exploits - Multiple researchers (Chen Le Qi, Hyunwoo Kim & Wongi Lee, Gerrard Tai) all used UAF bugs to escalate privileges to SYSTEM level
- Red Hat Linux kernel - Gerrard Tai and Theori team found UAF vulnerabilities leading to root access
- Docker Desktop - STAR Labs demonstrated container escape using kernel UAF
- Redis (AI infrastructure) - Wiz Research found UAF in this widely-deployed caching system
- NVIDIA Triton Inference Server - Wiz Research discovered UAF in AI integration
Integer Overflows: When Math Attacks
What they are: Remember that calculator analogy from the ESXi section? Integer overflows happen when arithmetic results exceed what a variable can store, causing unexpected behavior that attackers can exploit.
CWE-190 (#16 in CWE Top 25) appeared in:
- VMware ESXi - Both successful exploits used integer overflows
- Oracle VirtualBox - Team Prison Break’s guest-to-host escape
- Firefox - Manfred Paul’s renderer exploit
- Sony XAV-AX8500 - ANHTUD’s automotive infotainment compromise
- Philips Hue Bridge - Team ANHTUD combined integer overflow with out-of-bounds read
Type Confusion: Not What You Expected
What it is: Imagine ordering a vegetarian meal but the kitchen treats your order as if it were a steak. In programming, type confusion happens when code treats data as the wrong type, leading to memory corruption.
CWE-843 appeared in:
- Windows 11 - Hyeonjin Choi’s privilege escalation
- Canon and Lexmark printers - Team Cluck’s exploits
- Browser JavaScript engines (common pattern, though specific instances not always disclosed)
Why Memory Corruption Still Dominates
The persistence of memory corruption vulnerabilities reveals a fundamental problem: critical infrastructure is still written in memory-unsafe languages.
Systems written in memory-safe languages like Rust, Go, or Swift would eliminate entire vulnerability classes. Languages with automatic memory management prevent:
- Buffer overflows (the program checks boundaries automatically)
- Use-after-free (the program tracks memory usage and prevents access to freed memory)
- Many forms of type confusion
But rewriting decades of C/C++ code is expensive and time-consuming. Meanwhile, embedded systems, kernels, hypervisors, and browsers continue shipping with memory safety bugs that attackers readily exploit.
The average severity for memory corruption issues is 8.22/10. The CWE database lists 70 Known Exploited Vulnerabilities for just CWE-787 alone, indicating these are actively exploited by ransomware groups and nation-state actors in the wild.
🚫 Authentication & Authorization: The Keys to the Kingdom
- Vulnerability Types: Authentication Bypass, Missing Authentication, Hard-coded Credentials, Authorization Failures
- Primary CWEs: CWE-287 (Improper Authentication - #6), CWE-306 (Missing Authentication - #17), CWE-798 (Hard-coded Credentials - #10)
- Prevalence: ~20 instances (13% of vulnerabilities)
Authentication and authorization failures let attackers bypass security controls entirely, often without needing complex exploits.
SharePoint: The $100,000 Hack
- Who: Dinh Ho Anh Khoa (Viettel Cyber Security)
- Prize: $100,000 (one of the highest single payouts)
- CWE: CWE-287 (Authentication Bypass), CWE-502 (Insecure Deserialization)
This sophisticated two-bug chain started with an authentication bypass that granted initial access to Microsoft SharePoint Server, then leveraged a .NET deserialization vulnerability for code execution.
SharePoint is particularly concerning because it:
- Stores sensitive corporate documents and credentials
- Integrates deeply with Active Directory
- Often exposed to the internet for remote workers
- Remains a high-value target for corporate espionage and ransomware
The combination of a logic flaw (authentication bypass) enabling a memory corruption exploit (deserialization) represents what security researchers call “chaining nirvana.”
Smart Home Apocalypse: Philips Hue
- Target: Philips Hue Bridge
- Collision-heavy: 10+ exploitation attempts, many hitting the same bugs
The Philips Hue Bridge became notorious for authentication failures:
- Authentication bypasses (CWE-287) - InnoEdge Labs, Xilokar
- Incorrect cryptographic implementation (CWE-325) - kinnay/Yannik Marchand
- Cryptographic bypass + heap overflow - Viettel
- Multiple additional heap-based buffer overflows across different teams
The sheer number of attempts suggests either:
- The device has particularly exploitable flaws
- It’s a popular research target due to market penetration
- Both
Hard-coded Credentials: The Gift That Never Stops Giving
CWE-798 (#10 in CWE Top 25) appeared in:
Ubiquiti Connect EV Station - Sina Kheirkhah found hard-coded cryptographic keys, earning $50,000. These keys were embedded directly in the firmware, allowing anyone with access to the firmware to extract them.
QNAP NAS devices - Summoning Team found hard-coded credentials combined with injection vulnerabilities.
Hard-coded credentials represent a fundamental security failure. They can’t be rotated or revoked, and once discovered, they provide permanent access to all affected devices. This is particularly problematic for:
- IoT devices deployed for years without updates
- Infrastructure equipment with long replacement cycles
- Systems where firmware extraction is straightforward
Missing Authentication: CAN Bus and Charging Protocols
Tesla Wall Connector and automotive systems widely suffered from missing authentication in safety-critical systems:
- CAN bus communications (by design lack authentication)
- Charging protocols enabling diagnostic access without verification
- Debug interfaces accessible without proper access control
The automotive industry’s traditional approach to security—“physical access = trusted access”—no longer holds in an era of networked vehicles and internet-connected charging infrastructure.
🤖 AI Infrastructure: The New Attack Surface
- Who: Multiple teams including Qrious Secure, Wiz Research, Summoning Team, Viettel, FuzzingLabs
- Prize Pool: $140,000 for AI vulnerabilities
- Primary CWEs: CWE-416 (Use-After-Free), CWE-454 (External Initialization of Trusted Variables)
Pwn2Own Berlin 2025 introduced the first-ever AI infrastructure category, discovering 7 zero-days across AI vector databases, inference servers, and container toolkits. This reflects how rapidly deployed AI systems often outpace security maturity.
NVIDIA Triton Inference Server
The most-targeted AI system with vulnerabilities including:
- 4-bug exploit chain - Qrious Secure earned $30,000 with the first full Triton compromise
- Use-after-free in Redis AI integration - Wiz Research
- Multiple vendor-known bugs exploited by Summoning Team, Viettel, FuzzingLabs (collision awards)
The presence of multiple known-but-unpatched vulnerabilities indicates serious patch debt in fast-moving AI infrastructure.
NVIDIA Container Toolkit
- Who: Wiz Research
- Prize: $30,000
- CWE: CWE-454 (External Initialization of Trusted Variables)
This vulnerability enabled container escape by manipulating environment variables trusted by containerized AI workloads. Attackers could break out of container isolation by controlling variables the system assumed were safe.
Chroma AI Database
- Who: Sina Kheirkhah
- Prize: $20,000
- Historic: First AI database exploit in Pwn2Own history
Vulnerability type not yet disclosed (90-day disclosure window still active as of writing).
Why AI Infrastructure Is Vulnerable
Several factors contribute to AI security immaturity:
- Rapid deployment - AI systems rushed to production before security hardening
- Supply chain complexity - AI platforms integrate multiple dependencies (Redis, PostgreSQL, various databases)
- Memory-unsafe foundations - Core AI infrastructure written in C/C++
- Immature security practices - AI engineering prioritizes model performance over security
The $140,000 awarded signals this attack surface will grow in future competitions as AI infrastructure becomes more critical to business operations.
📱 Mobile Security: Flagship Phones Still Fall
- Target: Samsung Galaxy S25
- Successful Exploits: 2
- Prize per exploit: $50,000
Two research teams successfully compromised Samsung’s latest flagship phone:
Summoning Team (Ken Gannon & Dimitrios Valsamaras)
5-bug exploit chain - Complete device compromise via remote attack vector
The requirement for a 5-bug chain indicates defense-in-depth is working. Attackers must breach multiple security layers, but sophisticated researchers still achieved full compromise.
Interrupt Labs (Ben R. & Georgi G.)
- Vulnerability: Improper input validation (CWE-20)
- Impact: Device takeover with camera and location tracking
They successfully demonstrated surveillance capabilities, activating the camera and location tracking on the compromised device.
What This Means
Flagship phones with the latest Android security patches remain vulnerable to complex multi-bug exploit chains. However, the complexity required (5 bugs for one exploit) shows that mobile security has improved significantly from the early days when single vulnerabilities could compromise devices.
Third attempt by Tri Dang (Qrious Secure) failed to complete within time limits, suggesting time pressure and complexity are effective defensive measures.
🖨️ Printers: The Forgotten Attack Vector
- Total printer exploits: 19
- Most vulnerable: Canon imageCLASS MF654Cdw (8 unique exploits)
Office equipment emerged as a severely neglected attack surface, with printers suffering from every vulnerability class imaginable.
Why Printers Matter
Compromised printers enable:
- Network reconnaissance - Printers sit on corporate networks with access to other systems
- Lateral movement - Pivoting from printer to other network resources
- Data exfiltration - Print jobs contain sensitive documents
- Persistent access - Printer firmware malware is difficult to detect and remove
- Physical security bypass - Manipulating access badge printing systems
The Canon Disaster
The Canon imageCLASS MF654Cdw attracted 8 unique exploits:
- Heap-based buffer overflows
- Stack-based buffer overflows
- Out-of-bounds writes
- Use-after-free variants
- Integer overflows
- Type confusion
Eight different teams, eight different vulnerabilities. This suggests either:
- No meaningful security review before shipping
- Extremely poor code quality
- Decades-old codebase with accumulated technical debt
Lexmark’s Doom
Interrupt Labs demonstrated a path traversal (CWE-22) + untrusted search path (CWE-426) exploit on the Lexmark CX532adwe, then loaded Doom on the printer’s LCD screen while establishing a reverse shell.
Path traversal is the #1 CWE used in ransomware attacks, enabling attackers to access files outside intended directories.
Why Printer Security Is Neglected
Several factors contribute to printer security failures:
- Long product lifecycles - Printers designed to last 10+ years with minimal updates
- Embedded systems - Difficult to patch after deployment
- Low security priority - Vendors prioritize print quality and features over security
- Legacy code - Printer firmware often decades old with minimal security review
- Network exposure - Printers widely deployed on corporate networks without proper segmentation
💾 NAS Devices: Your Backup Is Vulnerable
- Total NAS exploits: 12+
- Most targeted: QNAP TS-453E
Network Attached Storage devices emerged as critical targets because they:
- Store business-critical data and backups
- Often exposed to internet for remote access
- Rarely receive timely security updates once deployed by consumers
- Represent prime ransomware targets
QNAP TS-453E: The Swiss Cheese
The most-targeted NAS device suffered from:
- Format string vulnerability (CWE-134) - DEVCORE
- Command injection (CWE-78) - CyCraft Technology, Sina Kheirkhah
- Hard-coded credentials (CWE-798) + injection - Summoning Team
- 1-second exploit - PHP Hooligans’ exploit completed in about one second, demonstrating how mature exploit development against this device has become
SOHO Smashup: The Crown Jewel
- Team: DDOS
- Prize: $100,000 (highest Ireland payout)
- Targets: QNAP Qhora-322 Router + QNAP TS-453E NAS
- Complexity: 8-bug exploit chain (most complex Ireland exploit)
This sophisticated attack demonstrated WAN-to-LAN pivot with complete NAS compromise, showing how attackers can breach network perimeters and pivot to internal storage systems.
Synology Vulnerabilities
Multiple Synology models fell to various attacks:
- DiskStation DS925+ - Authentication bypass + privilege escalation (Verichains Cyber Force)
- BeeStation Plus - Stack overflow (Synacktiv)
- ActiveProtect DP320 - Multiple 2-bug chains (Summoning Team)
Ransomware Implications
NAS vulnerabilities are particularly concerning because:
- Backups stored on NAS devices become ransomware targets
- Compromised NAS enables data encryption AND exfiltration
- Recovery becomes impossible if the backups are encrypted too
- Small businesses rely on NAS without enterprise security
🏠 Smart Home: IoT Security Catastrophe
- Total smart home exploits: 18+
- Most collision-heavy: Philips Hue Bridge (10+ attempts)
The smart home ecosystem demonstrated complete security failure across multiple dimensions.
Home Assistant Green
The open-source home automation platform suffered from:
- SSRF (CWE-918) - Rapid7, Summoning Team, Team ANHTUD
- Command injection (CWE-78) - Rapid7, Viettel, Team Neodyme
- Arbitrary file write (CWE-73) + cleartext data transmission (CWE-319) - Compass Security
Notable: Team ANHTUD used ChatGPT to assist in exploit development, finishing with 45 seconds remaining. This demonstrates how AI tools are increasingly used in both offensive and defensive security research.
Server-Side Request Forgery (SSRF)
CWE-918 (#21 in CWE Top 25) enables attackers to:
- Make the vulnerable system send requests to internal network resources
- Bypass firewall restrictions
- Access cloud metadata services
- Scan internal networks
- Pivot to other systems
In smart home devices, SSRF is particularly dangerous because:
- Devices often have broad network access
- Users don’t expect home automation systems to be attack vectors
- Internal networks frequently lack segmentation
Surveillance Cameras: Privacy Nightmare
Synology CC400W Camera and Ubiquiti AI Pro both fell to exploits. David Berard (Synacktiv) played “Baby Shark” through the Ubiquiti camera speaker after compromising it.
Surveillance camera compromises enable:
- Unauthorized monitoring of homes and businesses
- Audio eavesdropping
- Disabling security systems
- Network pivoting into internal systems
Amazon Smart Plug
- Team: Neodyme
- Prize: $20,000
- Complexity: 3-bug chain
Even simple smart plugs demonstrated vulnerability to multi-bug exploit chains.
The Smart Home Security Crisis
IoT security indicators from Pwn2Own 2025:
- Pervasive authentication bypasses - Devices lack proper authentication
- Cryptographic implementation failures - Encryption incorrectly implemented when present
- Memory safety epidemic - Buffer overflows plague IoT firmware
- SSRF vulnerabilities - Insufficient validation of outbound connections
- Inadequate update mechanisms - Many devices never receive security patches
🔄 Virtualization: Breaking the Boundaries
- Total virtualization exploits: 11
- Historic achievement: First VMware ESXi exploitations (covered earlier)
Beyond ESXi, virtualization platforms demonstrated that guest-to-host escapes remain achievable despite decades of hardening.
Oracle VirtualBox
Multiple successful guest-to-host escapes:
- Integer overflow (CWE-190) - Team Prison Break ($40,000)
- Out-of-bounds write (CWE-787) - Viettel Cyber Security ($40,000)
- Additional attempts (some failures, some collisions)
VMware Workstation
Sophisticated exploit chains:
Synacktiv
- Prize: $80,000
- Vulnerability: Heap-based buffer overflow (CWE-122)
- Clean guest-to-host escape
STAR Labs
- Prize: $70,000
- Vulnerabilities: TOCTOU race condition (CWE-367) + improper array index validation (CWE-129)
- Complete chain from guest VM to Windows SYSTEM privileges
Time-of-Check Time-of-Use (TOCTOU)
CWE-367 is a race condition where:
- System checks a condition (e.g., file permissions)
- Attacker changes the condition
- System uses the resource assuming the check still holds
In shared memory environments like virtualization, TOCTOU vulnerabilities enable attackers to exploit the brief window between checking and using shared resources.
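The shared-memory form of this race is usually called a double fetch, and the defensive pattern is "fetch once, validate the copy, use only the copy". Here is an added example in C (not code from VMware Workstation or any Pwn2Own entry) with a constructed guest-writable request structure: the vulnerable handler reads the length field twice, the hardened one snapshots it. The race itself is simulated by a hook that performs the guest's write at the exact point between check and use, so the outcome is deterministic; in a real system that write would come from another CPU or VM at an unpredictable moment.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed shared-memory request (not any real hypervisor's layout): the
 * guest fills in len and data, the host-side handler copies data out. The
 * guest can write to this page at any time, including between two host reads. */
struct shared_req {
    volatile uint32_t len;      /* guest-writable at all times */
    uint8_t data[256];
};

/* Simulation hook standing in for the concurrent guest write. */
typedef void (*race_hook_t)(struct shared_req *);

/* Vulnerable: len is fetched from shared memory twice. Fetch #1 is what gets
 * validated; fetch #2 is whatever the guest has written since. Returns the
 * number of bytes actually copied. */
int handle_double_fetch(struct shared_req *req, uint8_t *dst, uint32_t dst_limit,
                        race_hook_t hook) {
    if (req->len > dst_limit) return -1;        /* fetch #1: time of check */
    if (hook) hook(req);                        /* guest races in here */
    uint32_t n = req->len;                      /* fetch #2: time of use */
    memcpy(dst, req->data, n);                  /* n is no longer bounded by dst_limit */
    return (int)n;
}

/* Hardened: copy the guest-controlled field once into host-private memory,
 * validate the copy, and never touch the shared field again. */
int handle_single_fetch(struct shared_req *req, uint8_t *dst, uint32_t dst_limit,
                        race_hook_t hook) {
    uint32_t n = req->len;                      /* the only fetch */
    if (n > dst_limit) return -1;
    if (hook) hook(req);                        /* the guest's write changes nothing */
    memcpy(dst, req->data, n);
    return (int)n;
}

/* Constructed guest behaviour for the simulation: grow len after the check. */
void grow_len_hook(struct shared_req *req) { req->len = 200; }

/* Both handlers are asked to copy into a destination whose policy limit is 16
 * bytes. The scratch buffer is 256 bytes so the simulation never corrupts real
 * memory; in a real host, the 200-byte copy would run past a 16-byte buffer. */
int run_scenario(int hardened) {
    struct shared_req req;
    memset(&req, 0x41, sizeof req);
    req.len = 16;                               /* passes the check */
    uint8_t scratch[256] = {0};
    return hardened ? handle_single_fetch(&req, scratch, 16, grow_len_hook)
                    : handle_double_fetch(&req, scratch, 16, grow_len_hook);
}

int main(void) {
    printf("double fetch copied %d bytes against a limit of 16\n", run_scenario(0));
    printf("single fetch copied %d bytes against a limit of 16\n", run_scenario(1));
    return 0;
}
```

The `volatile` on `len` is what keeps the compiler from silently "fixing" the vulnerable version by reusing the first load; real hypervisor code reads guest memory through accessors that have the same effect, which is why the snapshot has to be explicit.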
Why Virtualization Vulnerabilities Matter
Guest-to-host escapes have severe implications:
- Cloud infrastructure - Compromising one VM could expose others on the same physical host
- Lateral movement - Accessing the hypervisor enables pivoting across entire virtual infrastructure
- Ransomware persistence - Hypervisor-level ransomware survives VM resets and backups
- Data exposure - Hypervisor memory contains sensitive data from all VMs
🪟 Operating Systems: Kernel Privilege Escalation
Windows 11: Eight Ways to SYSTEM
Total successful exploits: 8 (counting collision variants)
Microsoft Windows 11 demonstrated persistent kernel-level vulnerabilities despite significant security investments:
Use-After-Free dominated:
- Chen Le Qi (STAR Labs) - UAF + integer overflow chain ($30,000)
- Hyunwoo Kim & Wongi Lee (Theori) - Information leak + UAF ($15,000)
- Gerrard Tai (STAR Labs) - UAF ($10,000)
Other vulnerability classes:
- Marcin Wiązowski - Out-of-bounds write ($30,000)
- Hyeonjin Choi - Type confusion ($15,000)
- Miloš Ivanović - Race condition ($15,000)
All successful exploits achieved SYSTEM-level privileges from standard user accounts, enabling complete host compromise.
Red Hat Enterprise Linux: Kernel Exploitation
Three successful RHEL privilege escalations:
- Pumpkin (DEVCORE) - Integer overflow ($20,000)
- Gerrard Tai (STAR Labs) - Use-After-Free ($10,000)
- Theori team - Information leak + UAF chain ($15,000)
The presence of kernel vulnerabilities in both proprietary (Windows) and open-source (Linux) systems demonstrates that open-source does not automatically eliminate security issues. Both ecosystems struggle with memory safety in kernel code.
🌐 Browsers: Firefox Stands Alone
Only browser targeted: Mozilla Firefox
Chrome, Edge, Safari: Zero attempts
This concentration on Firefox is notable and potentially indicates:
- Improved security in Chromium-based browsers
- Firefox’s smaller security team and research budget
- Strategic targeting by researchers focusing on potentially easier targets
CVE-2025-4918 (Palo Alto Networks)
- Vulnerability: Out-of-bounds write (CWE-787) in renderer
- Prize: $50,000
- Scope: Renderer-only (no sandbox escape)
CVE-2025-4919 (Manfred Paul)
- Vulnerability: Integer overflow (CWE-190) in renderer
- Prize: $50,000
- Scope: Renderer-only (no sandbox escape)
Mozilla’s Exemplary Response
Mozilla released emergency patches the same day as the exploits (May 17, 2025) across:
- Firefox 138.0.4
- ESR 128.10.1
- ESR 115.23.1
- Firefox for Android
Renderer-Only Exploits
Both exploits achieved code execution in the browser renderer but did not escape the sandbox. This represents a “partial win” in modern browser security.
Modern browsers use multi-process architectures with sandboxing:
- Renderer process - Handles web content with limited privileges
- Browser process - Manages UI and system access with full privileges
- Sandbox - Isolates renderer from system resources
To fully compromise a system, attackers need:
- Renderer exploit (achieved here)
- Sandbox escape (not demonstrated)
The absence of sandbox escapes suggests Firefox’s sandbox hardening has been effective, even as memory corruption bugs persist in the renderer.
The Big Picture: What Does All This Mean?
Memory Safety: The Core Problem
Let’s start with the elephant in the room: 45% of all vulnerabilities were memory corruption issues. In 2025. We’ve understood these problems for decades. So why the hell are they still everywhere?
The C/C++ Problem:
- Critical infrastructure is still written in memory-unsafe languages
- Rewriting existing systems? Expensive and time-consuming (read: nobody wants to pay for it)
- Embedded systems don’t have resources for memory-safe alternatives (or so they claim)
- Legacy codebases just keep accumulating decades of technical debt
The Path Forward (if anyone’s listening):
- For the love of all that’s secure, migrate new critical infrastructure to Rust, Go, or other memory-safe languages
- Deploy memory sanitizers in development (ASAN, MSAN, UBSAN) - they exist for a reason
- Enable hardware-based protections (CFI, PAC, BTI) universally - not just on paper
- Actually deploy kernel-level exploit mitigations (DEP, ASLR) everywhere, properly
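Integer overflow (CWE-190) shows up four times in this section alone, so here is the pattern behind it and the fix, as an added example rather than code from any of the exploits: a buffer size derived from two attacker-controlled 32-bit header fields, computed once with a wrapping 32-bit multiply and once in 64 bits against a policy bound. The header fields, the `MAX_MSG_BYTES` limit and the sample values are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>

/* Sanity bound on a single message body (assumed policy for this example). */
#define MAX_MSG_BYTES (1u << 20)

/* Vulnerable (CWE-190): sizes a buffer with a 32-bit multiply of two
 * attacker-controlled header fields. Unsigned wrap is defined behaviour in C,
 * so the result silently becomes a tiny number for a huge element count, and
 * whatever is allocated from it is then overrun by the element loop. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;                 /* wraps modulo 2^32 */
}

/* Hardened: compute in 64 bits (a 32x32-bit product always fits) and refuse
 * anything over the policy bound. Returns the size, or -1 to reject the message. */
int64_t alloc_size_checked(uint32_t count, uint32_t elem_size)
{
    uint64_t bytes = (uint64_t)count * elem_size;
    if (bytes > MAX_MSG_BYTES)
        return -1;
    return (int64_t)bytes;
}

int main(void)
{
    /* Constructed header: 0x40000001 elements of 4 bytes each. */
    uint32_t count = 0x40000001u, elem_size = 4;
    printf("unchecked: %u bytes would be allocated for %u elements\n",
           alloc_size_unchecked(count, elem_size), count);
    printf("checked  : %lld (negative means rejected)\n",
           (long long)alloc_size_checked(count, elem_size));
    return 0;
}
```

One caveat that matters for the "deploy sanitizers" advice: UBSAN's default checks do not flag the wrapping line, because unsigned wraparound is defined behaviour, not UB. Clang's `-fsanitize=unsigned-integer-overflow` (included in `-fsanitize=integer`) does report it, and the 64-bit-plus-bound check above works regardless of compiler.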
Automotive Security: A Safety Crisis
49 automotive zero-days. Forty. Nine. This isn’t just a security problem - it’s a safety crisis. Let’s break down the systemic failures:
Design-level problems:
- CAN bus lacks authentication by design (because who needs security in a car, right?)
- Charging protocols prioritize convenience over security (what could go wrong?)
- “Physical access = trusted access” assumptions are dead in the age of networked vehicles
Vendor behavior concerns (this is where I get really angry):
- Alpine’s flat-out refusal to patch known vulnerabilities
- ISO/SAE 21434 “risk acceptance” that basically enables vendors to say “nah, we’re good”
- Slow-motion responses to disclosed vulnerabilities
Real-world implications:
- Unauthorized vehicle control is possible
- Safety features can be disabled remotely
- Charging infrastructure compromise could enable fleet-wide attacks
Bottom line: UN R155/R156 cybersecurity regulations need serious strengthening if we’re going to stop vendors from indefinitely ignoring vulnerabilities in vehicles that people drive every day.
AI Infrastructure: Growing Pains
The inaugural AI infrastructure category revealed:
- Rapid deployment outpacing security
- Known vulnerabilities remaining unpatched
- Memory safety issues in C/C++ AI infrastructure
- Container security still challenging
As AI systems increasingly control critical business functions and safety-critical applications, security must catch up with deployment speed.
IoT: Security Optional (Apparently)
Consumer IoT was an absolute dumpster fire. I’m talking catastrophic security failures across the board:
- Authentication? Systematically broken
- Cryptography? Incorrectly implemented (when it exists at all)
- Memory corruption? Everywhere you look
- Update mechanisms? Either inadequate or nonexistent
Smart home devices, surveillance cameras, network equipment - all of it riddled with severe vulnerabilities that threaten your privacy and security. The “S” in IoT stands for “Security,” and it’s nowhere to be found.
Enterprise Infrastructure: High-Stakes Targets
VMware ESXi exploitations, SharePoint authentication bypass, and container escapes demonstrate that enterprise infrastructure remains vulnerable to sophisticated attacks.
These systems are increasingly targeted by:
- Ransomware groups seeking infrastructure-level persistence
- Nation-state actors conducting espionage
- Cybercriminals stealing sensitive data
The good news: Pwn2Own discovers these vulnerabilities before wide-scale exploitation, giving vendors 90 days to patch.
The Good News: This Makes Us Safer
Despite the alarming number of vulnerabilities, Pwn2Own serves a vital function:
Coordinated Disclosure Works
The 90-day disclosure timeline:
- Researchers demonstrate exploits publicly
- Vendors receive full technical details immediately
- Vendors have 90 days to develop patches
- Public disclosure happens only after patches available (or 90 days pass)
This approach:
- Rewards researchers for finding bugs
- Gives vendors time to fix issues
- Prevents information hoarding
- Incentivizes legitimate security research
Real-World Impact
Many Pwn2Own discoveries prevent real-world attacks:
- VMware ESXi vulnerabilities found before ransomware groups exploit them
- Tesla patched charging infrastructure before fleet-wide attacks possible
- Mobile phone vulnerabilities disclosed before surveillance weaponization
- IoT bugs fixed before mass botnet recruitment
Vendor Response Varies
Exemplary:
- Mozilla’s same-day Firefox patches
- Tesla’s rapid firmware updates with enhanced protections
Concerning:
- Alpine’s refusal to patch known vulnerabilities
- Multiple vendors with known-but-unpatched bugs (collision awards indicate this)
The $3 Million Question
Nearly $3 million in prizes represents a fraction of what vulnerabilities cost when:
- Ransomware groups exploit them for millions in extortion
- Nation-states use them for years of espionage
- Cybercriminals steal sensitive data
Paying security researchers to find and disclose bugs is far cheaper than dealing with breaches.
Conclusion
So here’s where we land: Pwn2Own 2025 exposed 150 unique zero-day vulnerabilities across three global competitions. That’s 150 ways that things we rely on every day can be compromised. From the historic VMware ESXi exploitation to Tesla’s charging infrastructure getting owned through a cable, from printers being security disasters to AI infrastructure barely holding together - the findings tell a story of both progress and, frankly, some embarrassing failures.
The key takeaways you need to remember:
- Memory corruption still dominates - 45% of vulnerabilities are memory safety issues. In 2025. Let that sink in.
- Automotive security needs urgent attention - Vendor refusal to patch known vulnerabilities is absolutely unacceptable
- IoT security is catastrophic - Your smart home devices are fundamentally insecure
- Enterprise infrastructure is at risk - Hypervisors, containers, servers - all vulnerable to sophisticated attacks
- AI security is immature - We’re deploying AI faster than we can secure it
But here’s the thing: there is hope. Pwn2Own represents security research working exactly as it should. Researchers find vulnerabilities before the bad guys do, disclose them responsibly, and give vendors 90 days to patch. That $2,989,750 in prizes? It incentivizes legitimate research and prevents vulnerability hoarding.
Every single vulnerability discovered at Pwn2Own is one less tool in the arsenal of ransomware groups and nation-state actors. That’s genuinely worth celebrating - even as we acknowledge the massive amount of work still ahead.