The second day of Pwn2Own Berlin 2025 turned into a high-stakes hacking spectacle as security researchers uncovered zero-day vulnerabilities in some of the most widely used enterprise platforms: VMware ESXi, Microsoft SharePoint, Mozilla Firefox, and Red Hat Enterprise Linux. With $435,000 awarded in bounties, the event showcased just how fragile even the most trusted software can be.
Hosted at OffensiveCon, the competition saw unprecedented exploits, including the first-ever successful VMware ESXi hypervisor breach in Pwn2Own history. Meanwhile, SharePoint, Firefox, and Linux also fell victim to clever attack chains, proving that no system is truly invincible.
Let’s break down the biggest hacks, the implications for businesses, and why these vulnerabilities matter.
1. VMware ESXi Hypervisor Hacked: A First for Pwn2Own
Researcher: Nguyen Hoang Thach (STAR Labs SG)
Vulnerability: Integer overflow → Full system compromise
Bounty: $150,000
VMware ESXi, the backbone of countless enterprise data centers, has long been considered a fortress in virtualization security. That changed when Nguyen Hoang Thach exploited an integer overflow flaw to escape the virtual machine and take control of the host system.
Why This Matters:
- ESXi is everywhere: used by corporations for cloud workloads, virtual machines, and critical infrastructure.
- A single flaw could let attackers jump between VMs, steal data, or deploy ransomware.
- VMware now has 90 days to patch before exploit details go public.
2. Microsoft SharePoint Exploited via Authentication Bypass
Researcher: Dinh Ho Anh Khoa (Viettel Cyber Security)
Vulnerability: Auth bypass + insecure deserialization → Unauthorized access
Bounty: $100,000
Microsoft SharePoint, a cornerstone of corporate collaboration, was hacked in minutes by chaining two flaws:
- Authentication bypass (getting in without credentials)
- Insecure deserialization (executing malicious code)
Why This Matters:
- SharePoint is deeply integrated with Microsoft 365, meaning a breach could expose emails, documents, and internal communications.
- Many companies don’t monitor SharePoint for suspicious activity, making it a prime target.
- Microsoft must now rush a patch before hackers weaponize this exploit.
3. Firefox Hacked Again With Out-of-Bounds Write Bug
Researchers: Edouard Bochin & Tao Yan (Palo Alto Networks)
Vulnerability: Memory corruption → Remote code execution
Bounty: $50,000
Despite years of hardening, Firefox remains a hacker favorite. This time, researchers used an out-of-bounds write vulnerability to corrupt memory and execute malicious code.
Why This Matters:
- Firefox users (especially enterprises) assume it’s safer than Chrome, but zero-days keep appearing.
- Browser exploits are gateways to phishing, spyware, and data theft.
- Mozilla’s patching speed will determine how quickly this gets fixed.
4. Red Hat Enterprise Linux Privilege Escalation Flaw
Researcher: Gerrard Tai (STAR Labs SG)
Vulnerability: Use-after-free → Root access
Bounty: $10,000
Even Linux, the gold standard for secure servers, wasn’t safe. A use-after-free bug allowed attackers to escalate privileges to root, the worst-case scenario for sysadmins.
Why This Matters:
- RHEL powers critical servers in finance, healthcare, and government.
- A single privilege escalation can let hackers move laterally across networks.
- Red Hat must patch fast: Linux exploits are rare but devastating.
5. AI Systems Under Fire: Redis & NVIDIA Triton Exploited
Pwn2Own 2025 introduced a new AI category, and hackers didn’t disappoint:
A. Redis Exploit ($40,000)
- Researchers: Benny Isaacs, Nir Brakha, Sagi Tzadik (Wiz Research)
- Vulnerability: Use-after-free → Full server takeover
B. NVIDIA Triton Inference Server ($30,000)
- Researchers: Ho Xuan Ninh & Tri Dang (Qrious Secure)
- Vulnerability: Chained 4 bugs → Remote code execution
Why This Matters:
- AI infrastructure is becoming a prime target as adoption grows.
- Flaws in AI models/data could lead to manipulated outputs, data leaks, or worse.
- Companies using AI must audit their stacks before attackers strike.
What’s Next? Day 3 & the Road to $1 Million
With $695,000 awarded so far, Pwn2Own Berlin 2025 could break the $1 million mark on its final day. Remaining targets include:
- Windows 11
- Oracle VirtualBox (already partially hacked)
- More VMware & Firefox exploits
All vulnerabilities are responsibly disclosed, giving vendors 90 days to patch before details go public.
Final Thoughts: Should Enterprises Be Worried?
Absolutely. While Pwn2Own is a controlled environment, real hackers are watching. The exploits revealed here will likely inspire copycat attacks in the wild.
Key Takeaways:
Update immediately when patches drop, especially for VMware, SharePoint, and Firefox.
Monitor hypervisors and Linux servers: these are now confirmed targets.
AI security can’t be ignored: new tech means new risks.
The biggest lesson? No software is unhackable. The only question is: Will you be ready when attackers strike?