More than $1 million were paid out at the Pwn2Own Berlin 2025 hacking competition organized last week by Trend Micro’s Zero Day Initiative (ZDI) in Berlin, Germany.
ZDI announced that white hat hackers have been awarded a total of $1,078,750 for 28 previously unknown vulnerabilities across operating systems, AI products, container software, browsers, virtualization software, and servers.
Of the total amount, $140,000 was earned for AI hacks, including ones targeting the Chroma open source AI application database, and NVIDIA’s Triton Inference Server and Container Toolkit. This was the first Pwn2Own to include the AI category.
The biggest single reward, $150,000, went to the STAR Labs SG team for the first VMware ESXi hack in Pwn2Own history. A second ESXi exploit earned a researcher from REverse Tactics $112,500.
A significant prize, $100,000, was also earned for a Microsoft SharePoint exploit that chained authentication bypass and insecure deserialization vulnerabilities.
A VMware Workstation exploit earned $80,000, and an exploit chain combining an Oracle VirtualBox escape and a Windows privilege escalation earned $70,000. Participants were awarded $40,000 each for Redis and other VirtualBox exploits.
Two Firefox exploits earned participants $50,000 each. The exploits did not include a sandbox escape, which would have doubled their value. Nevertheless, Mozilla rushed to address them and released patches on the same day.
The STAR Labs SG team won the contest, earning a total of $320,000 for its exploits.
There were no exploitation attempts in the enterprise software category, which includes Adobe Reader and Microsoft 365 apps, nor the automotive category, which offered prizes of up to $500,000 for hacking a Tesla.
Related: Hackers Earn $886,000 at Pwn2Own Automotive 2025 for Charger, OS, Infotainment Exploits
Related: Over $1 Million Paid Out at Pwn2Own Ireland 2024
Related: Synology, QNAP, TrueNAS Address Vulnerabilities Exploited at Pwn2Own Ireland