During Pwn2Own Berlin 2025, cybersecurity researchers successfully exploited multiple zero-day vulnerabilities across various enterprise and consumer products, earning over $695,000 in two days. The competition highlighted the ongoing risks in widely used software, with a new AI security category introduced for the first time.
Affected: Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, Mozilla Firefox, Nvidia Triton Inference Server, Redis, Virtualization and cloud-native platforms.
Keypoints
- Researchers exploited zero-day vulnerabilities in popular enterprise software during Pwn2Own Berlin 2025.
- The competition awarded over $695,000 across the first two days for diverse security flaws.
- A new AI security category was featured, with exploits targeting AI and machine learning systems.
- Vendors have 90 days to release patches after zero-day disclosures during the event.
- The contest emphasizes the importance of securing widely used products against emerging threats.