Pwn2Own Berlin 2025: Day Two Results

Pwn2Own Berlin 2025: Day Two Results
Pwn2OwnBerlin第二天比赛中，FuzzingLabs团队利用NVIDIA Triton已知未修复漏洞获1.5万美元及积分；Viettel团队通过Microsoft SharePoint漏洞获10万美元及积分；STARLabs团队首次成功利用VMware ESXi整数溢出漏洞获15万美元及积分。 2025-5-16 09:17:17 Author: www.thezdi.com(查看原文) 阅读量:12 收藏

Welcome to the second day of our first ever Pwn2OwnBerlin. Yesterday, we awarded $260,000 for some amazing research. Today looks to be even better, with more AI on the line, plus SharePoint and VMware ESXi. As always, we’ll be updating this blog with results as we have them.

COLLISION - Mohand Acherir & Patrick Ventuzelo (@pat_ventuzelo) of FuzzingLabs (@fuzzinglabs) exploited #NVIDIA Triton, but the exploit they used was known by the vendor (but unpatched). They still earn $15,000 and 1.5 Master of Pwn points.

SUCCESS - Dinh Ho Anh Khoa of Viettel Cyber Security combined an auth bypass and an insecure deserialization bug to exploit Microsoft SharePoint. He earns $100,000 and 10 Master of Pwn points.

SUCCESS - Nguyen Hoang Thach of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a first in Pwn2Own history. He earns $150,000 and 15 Master of Pwn points.

文章来源: https://www.thezdi.com/blog/2025/5/16/pwn2own-berlin-2025-day-two-results
如有侵权请联系:admin#unsafe.sh