Safety researchers efficiently illustrated important vulnerabilities throughout a number of platforms on the primary day of Pwn2Own Berlin 2025, taking residence a complete of $260,000 in prizes.
The competitors featured 11 totally different exploit makes an attempt, together with the inaugural AI class entries.
STAR Labs has taken an early lead within the Grasp of Pwn competitors, showcasing their technical prowess throughout a number of exploitation classes.
.png
)
Three separate profitable assaults towards Home windows 11 highlighted important safety weaknesses in Microsoft’s flagship working system.
Chen Le Qi of STARLabs SG demonstrated a complicated exploit chain combining a use-after-free (UAF) vulnerability with an integer overflow, efficiently escalating privileges to SYSTEM degree and incomes $30,000.
This multi-stage assault showcases how reminiscence corruption vulnerabilities could be chained for max impression.
Safety researcher Marcin Wiązowski additionally breached Home windows 11 safety via an Out-of-Bounds Write vulnerability, offering one other pathway to SYSTEM privileges.
His technically elegant exploitation earned similar compensation of $30,000.
Finishing the Home windows 11 trifecta, Hyeonjin Choi of Out Of Bounds leveraged a sort confusion vulnerability to raise privileges, demonstrating the range of bug courses affecting the platform.
These profitable exploits reveal regarding patterns in Home windows 11’s safety structure that Microsoft might want to handle promptly.
Crimson Hat Linux Privilege Escalation
Crimson Hat Linux proved inclined to a number of privilege escalation strategies throughout the competitors.
Researcher Pumpkin from DEVCORE Analysis Group efficiently exploited an integer overflow vulnerability to raise privileges, incomes $20,000.
Integer overflows proceed to current important danger vectors in memory-unsafe code, even in enterprise Linux distributions.
In a separate assault, Hyunwoo Kim and Wongi Lee of Theori mixed an data leak with a UAF vulnerability to attain root entry on Crimson Hat Linux.
Though partially based mostly on a beforehand recognized vulnerability, their exploit chain demonstrated how data disclosure could be leveraged to facilitate extra extreme assaults.
Regardless of the bug collision, this technical achievement earned them $15,000 and highlighted ongoing reminiscence issues of safety inside the Linux kernel that have an effect on even security-focused distributions.
VirtualBox and Docker Escapes
Probably the most profitable exploits of the day focused virtualization applied sciences.
Group Jail Break executed a formidable Oracle VirtualBox escape using an integer overflow vulnerability that allowed code execution on the host working system.
Their technical achievement in bypassing digital machine isolation earned them $40,000 and demonstrated severe safety implications for virtualized environments.
The day’s highest payout went to Billy and Ramdhan of STAR Labs, who leveraged a UAF vulnerability within the Linux kernel to flee Docker Desktop containment and execute code on the underlying host.
This subtle container escape netted them $60,000 and demonstrated how kernel-level vulnerabilities can compromise the isolation ensures of containerization applied sciences.
Their technical achievement locations STAR Labs as frontrunners within the ongoing Grasp of Pwn competitors.
In line with the Report, The Pwn2Own occasion additionally made historical past with the primary profitable AI safety exploit, as Sina Kheirkhah of Summoning Group compromised Chroma, establishing a brand new frontier within the cybersecurity analysis panorama.
Day Two guarantees extra high-caliber technical demonstrations because the competitors continues.
Discover this Information Fascinating! Comply with us on Google Information, LinkedIn, & X to Get Prompt Updates!
