Pwn2Own Berlin 2025: A Record-Breaking $1,078,750 in Prize Money
The highly anticipated Pwn2Own Berlin 2025 has come to a close, leaving behind a trail of broken software and a total of $1,078,750 in prize money. This year's competition saw a record-breaking number of participants take on some of the toughest cybersecurity challenges, with 28 unique zero-day exploits demonstrated across multiple products.
On the final day of the event, participants earned a staggering $383,750, bringing the total prize money to its current figure. This remarkable achievement was made possible by the efforts of numerous talented hackers, who demonstrated their skills in exploiting vulnerabilities in software such as VMware Workstation, ESXi, Windows, NVIDIA, and Firefox.
Among those who took home significant prizes was STAR Labs SG, which emerged victorious in the "Master of Pwn" category with a prize purse of $320,000. This prestigious title was awarded based on a combination of points earned across various challenges, demonstrating an impressive level of expertise among the competition.
One notable exploit that caught the eye of attendees was made by Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics. Utilizing two bugs in ESXi, one of which overlapped with a prior entry, Bayet managed to earn $112,500 and 11.5 points for his unique integer overflow exploit.
Other standout performers were Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv, who successfully exploited a heap-based buffer overflow in VMware Workstation. This achievement earned them $80,000 and 8 Master of Pwn points, cementing their position as top contenders in the competition.
Furthermore, Dung and Nguyen (@MochiNishimiya) from STAR Labs made headlines with their TOCTOU race condition exploit, which allowed them to escape the VM and gain privileges on Windows. This impressive feat earned them $70,000 and 9 points, solidifying their place among the top performers.
In a thrilling finale, Miloš Ivanović (@ynwarcs) from infosec.exchange demonstrated a race condition that allowed him to gain SYSTEM privileges on Windows 11. With this exploit, he secured $15,000 and 3 Master of Pwn points, bringing his total earnings for the competition to a respectable sum.
The full list of hacking attempts made during day two is available here, offering insight into the innovative techniques used by participants to uncover vulnerabilities in the software they targeted.
Pwn2Own Berlin 2025 marked an exciting milestone in the world of cybersecurity competitions. For the first time, the event included an AI category, showcasing the rapidly evolving landscape of artificial intelligence and its potential applications in vulnerability discovery.
As we look forward to next year's event, one thing is clear: the community continues to push the boundaries of what is possible when it comes to exploiting software vulnerabilities.