Pwn2Own Berlin 2025 Day Two: researcher earned $150K hacking VMware ESXi
On day two of Pwn2Own Berlin 2025, participants earned $435,000 for demonstrating zero-days in SharePoint, ESXi, VirtualBox, RHEL, and Firefox.
On day two of Pwn2Own Berlin 2025, bug hunters earned a total of $435,000, which brings the contest total to $695,000, after $260,000 was awarded during the first day of the competition. The participants demonstrated 20 unique zero-days in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox.
Wrapping up Day Two of #Pwn2Own Berlin 2025. We’ve awarded $695,000 for 20 unique 0-days, with one more day to go! pic.twitter.com/x2oBfaSfKS
— Trend Zero Day Initiative (@thezdi) May 16, 2025
Nguyen Hoang Thach of STARLabs SG exploited an integer overflow to hack VMware ESXi, earning $150,000 and 15 Master of Pwn points.
Outstanding! Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG used a single integer overflow to exploit #VMware ESXi – a first in #Pwn2Own history. He earns $150,000 and 15 Master of Pwn points. #P2OBerlin pic.twitter.com/QmfZng11nV
— Trend Zero Day Initiative (@thezdi) May 16, 2025
Dinh Ho Anh Khoa of Viettel Cyber Security earned $100,000 and 10 Master of Pwn points for exploiting Microsoft SharePoint using an authentication bypass and an insecure deserialization bug.
Edouard Bochin and Tao Yan from Palo Alto Networks earned $50,000 and 5 Master of Pwn points for exploiting Mozilla Firefox via an out-of-bounds write.
The full list of hacking attempts made during day two is available here.
This is the first time Pwn2Own has taken place at the OffensiveCon conference, and also the first time the competition includes an AI category.