Pwn2Own Berlin 2025 Day Two: $435,000 Up for Grabs in Intense Hacking Contest
On the second day of Pwn2Own Berlin 2025, a group of elite bug hunters gathered at the OffensiveCon conference to showcase their skills and earn rewards. The contestants took on some of the toughest targets in the cybersecurity world, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox.
The competition was fierce, with participants demonstrating a total of 20 unique zero-day exploits across multiple products. This impressive display of skill earned them a whopping $435,000, bringing the grand total for the contest to $695,000.
One of the standout achievements of Day Two came from Nguyen Hoang Thach of STARLabs SG, who successfully hacked VMware ESXi using an integer overflow exploit. Thach's achievement was all the more impressive given that it marked a first in Pwn2Own history – a single integer overflow had never been used to exploit ESXi before.
Thach's victory earned him a cool $150,000 and 15 Master of Pwn points, cementing his status as one of the top hackers in the competition. His impressive feat was announced on Twitter, where he shared a photo of himself celebrating with the hashtag #P2OBerlin.
Other notable winners from Day Two included Dinh Ho Anh Khoa of Viettel Cyber Security, who earned $100,000 and 10 Master of Pwn points for exploiting Microsoft SharePoint using auth bypass and insecure deserialization. Edouard Bochin and Tao Yan from Palo Alto Networks took home $50,000 and 5 Master of Pwn points for their successful exploit of Mozilla Firefox via an Out-of-Bounds Write.
As the competition enters its final day, the stakes are high – with just one more chance to earn rewards, the contestants will be pushing themselves to new heights in pursuit of victory. Will anyone emerge victorious and take home the coveted title of Master of Pwn? Only time will tell.
The Full List of Winners
Want to know who else made it to the podium today? Check out the full list of winners from Day Two of #P2OBerlin here: [link to full list]
About Pwn2Own and OffensiveCon
Pwn2Own is a unique cybersecurity competition that brings together top hackers and researchers from around the world. Held annually at the OffensiveCon conference, the event provides a platform for contestants to showcase their skills and earn rewards in exchange for identifying vulnerabilities in various software products.
This year's Pwn2Own Berlin 2025 also marks an exciting new development – the inclusion of an AI category. Will our top hackers be able to keep up with the latest advancements in artificial intelligence? Only time will tell, but one thing is certain: this competition promises to be more intense than ever.
Follow the Action
Want to stay up-to-date on all the latest news from Pwn2Own Berlin 2025? Follow me on Twitter @securityaffairs for exclusive updates and behind-the-scenes insights into the world of cybersecurity. You can also find me on Facebook and Mastodon, where I'll be sharing more in-depth analysis of the competition.