VMware and Pwn2Own 2025 – Berlin
Greetings from the Broadcom PSIRT Team – VCF Division. We are thrilled to announce that the 2025 edition of the Pwn2Own hacking contest, held in Berlin, has come to a close. It was an exciting event that saw our VMware products under the spotlight once again.
As part of this prestigious competition, VMware ESXi (a Type 1 hypervisor) and VMware Workstation (a Type 2 hypervisor) were targeted by expert researchers in the virtualization category, which has been part of the contest since 2016. The prize money for these targets was an impressive $180,000 and $80,000 respectively.
It was a busy week for our team, as three successful exploitation attempts were made against our products. On May 16, 2025, Nguyen Hoang Thach from STAR Labs SG successfully breached VMware ESXi, the first time ESXi has been compromised at Pwn2Own.
But that wasn't all. The next day, on May 17, 2025, Corentin BAYET of Reverse Tactics chained two vulnerabilities to successfully exploit VMware ESXi. One of the two bugs was a collision: in Pwn2Own terms, a vulnerability that was already known to the vendor at the time of the attempt.
Later that day, Thomas Bouzerar and Etienne Helluy-Lafont from Synacktiv took on VMware Workstation and succeeded in their attempt. Our team is working to address these vulnerabilities and will publish a VMware Security Advisory (VMSA) with details of the updates for the affected products.
We would like to extend our sincerest gratitude to the Zero Day Initiative (ZDI) for enabling us to participate in this esteemed contest, as well as to our partners from STAR Labs SG, Reverse Tactics, and Synacktiv, who collaborated with us to resolve these security issues. If you're interested in staying up to date on the latest VMware Security Advisories (VMSAs), please sign up here for new and updated information.
For more background on VMware's history at the contest, see our earlier post, VMware by Broadcom and Pwn2Own Vancouver 2024.