Broadcom Patches Critical VMware Flaws Exploited at Pwn2Own Berlin 2025

Broadcom has released patches for critical flaws in its VMware products. The vulnerabilities were demonstrated during the Pwn2Own Berlin 2025 hacking contest, where researchers earned substantial awards for exploiting them.

The Pwn2Own Berlin 2025 event brought together some of the best white hat hackers in the world to demonstrate how readily they can compromise VMware products. Four vulnerabilities in Broadcom's VMware products were demonstrated during the contest, earning researchers over $340,000 for their exploits.

One of the most notable vulnerabilities was an integer overflow flaw in VMware ESXi, which STARLabs SG exploited to earn $150,000. The exploit relied on two bugs, CVE-2025-41237 and CVE-2025-41239, which were also demonstrated by the REverse Tactics team.

STARLabs SG's $150,000 award reflects the severity of this vulnerability. The REverse Tactics team earned $112,500 for their exploit using the same bugs. Broadcom has stated that it is not aware of any attacks in the wild exploiting these vulnerabilities.

“Broadcom has no information to suggest that exploitation of these issues has occurred in the wild,” says a spokesperson from the company. Even so, the statement underlines the importance of patching critical vulnerabilities promptly and of vendors such as Broadcom remaining vigilant against potential threats.

Pwn2Own is an annual contest that brings together hackers and security researchers to demonstrate their skills and find vulnerabilities in a range of products. It plays an important role in identifying and addressing security risks before they are exploited, making widely used technology more secure for everyone.

As we move forward in the tech industry, it's essential to stay informed about the latest vulnerabilities and patches. We'll continue to provide updates on this story as more information becomes available.

Key Takeaways:

  • Broadcom has released patches for critical VMware flaws.
  • The Pwn2Own Berlin 2025 event saw researchers earn over $340,000 for exploiting these vulnerabilities.
  • STARLabs SG and the REverse Tactics team were awarded $150,000 and $112,500 respectively for their exploits.
  • Broadcom is not aware of any attacks in the wild exploiting these vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon for more updates on this story and others like it. Stay informed, stay secure!