TheFloW Discloses Potential PS5 Kernel Exploit, Believed to Be Working Up to Firmware 10.40
PlayStation hacker TheFloW has made headlines in the hacking community by disclosing a new PS5 Kernel vulnerability via bug bounty platform HackerOne.
This is a full disclosure, meaning that TheFloW has shared the details of the vulnerability without providing proof-of-concept (PoC) code. Assuming that matching user-mode exploits eventually get discovered, this could lead to a bright future for PS5 owners looking for a Jailbreak.
Based on the submission date of the vulnerability report, it is believed to affect firmware up to 10.40, but this remains to be confirmed. TheFloW's disclosure comes at a time when the PS4 and PS5 have, for quite some time now, been "stuck" with Jailbreaks available only on fairly old firmwares.
The situation has left many users frustrated: significant movement recently occurred for firmwares up to 7.61, thanks to the umtx exploit and recent ports of etaHEN to those "somewhat recent" firmwares, but anything above 7.61 was pretty much out of luck... until now.
TheFloW submitted a vulnerability report for a PS5 Kernel exploit back in December 2024, roughly four months ago. Although it is up to PlayStation and the hacker to jointly decide whether an exploit is ultimately disclosed, TheFloW (and, to their credit, PlayStation) has in the past been keen to share his work with the scene.
Scene veteran Zecoxao estimates that, considering the submission date of 2024/12/15, Firmware 10.40 (and all firmwares below) might be impacted, while 10.60 could contain the patch fixing the vulnerability. That is the upper bound for this use-after-free, since 10.60 was released on January 23, 2025, and TheFloW disclosed the bug to Sony on December 14, 2024.
The Impact of HackerOne on the PS4/PS5 Scene
People have taken to Twitter to say that HackerOne is damaging the scene, in particular since we’re at the mercy of Sony’s security team to decide whether an exploit will be disclosed or not. However, I personally think that HackerOne is a blessing in disguise because it keeps some hackers like TheFloW interested, if only because it adds a varnish of "professional street cred" to the hacking effort.
In my opinion, this platform allows professional hackers like TheFloW to participate in the bug bounty program, which might not be possible otherwise. It also provides a sense of validation and recognition for their work, which can drive them to continue exploring new vulnerabilities.
What's Next for the PS5 Jailbreak Status?
The point of contention right now is that some folks on the PS5 Homebrew Discord have expressed doubt that this could lead to a workable exploit. SpecterDev in particular is advising people to lower their expectations, stating that PlayStation has paid a $10,000 bounty for this bug.
However, it is possible that TheFloW has a whole exploit chain leveraging this particular vulnerability, or that the patch fixing the vulnerability will only be available on Firmware 10.60. With that being said, some hackers are working on figuring out if this can lead to an exploit and how to weaponize it into a Jailbreak.
Additional entry points (aka user-mode exploits such as WebKit vulnerabilities) will also be needed for the impacted firmwares. TheFloW is expected to speak at the upcoming TyphoonCon 2025, and some people expect he could reveal more about this particular vulnerability there. Nevertheless, it seems the talk might be more about his career than about specific hacks.