Introduction

Berlin's vibrant tech scene was abuzz as the esteemed Pwn2Own hacking competition made its inaugural appearance in Germany during the OffensiveCon conference from May 15 to 17, 2025. Recognized as a premier event in the cybersecurity realm, Pwn2Own challenges participants to uncover and exploit zero-day vulnerabilities across a spectrum of software and hardware platforms. This year's event was particularly noteworthy for introducing an Artificial Intelligence (AI) category, reflecting the growing integration of AI technologies in various sectors.

Background on Pwn2Own

Established in 2007 by Trend Micro's Zero Day Initiative (ZDI), Pwn2Own has evolved into a biannual event that attracts top-tier security researchers worldwide. The competition's primary objective is to identify and responsibly disclose previously unknown vulnerabilities, thereby enhancing the security posture of widely used technologies. Over the years, Pwn2Own has expanded its scope to include categories such as web browsers, virtualization software, enterprise applications, and automotive systems.

Highlights of Pwn2Own 2025 Berlin

Introduction of the AI Category

In response to the escalating adoption of AI technologies, Pwn2Own 2025 Berlin introduced a dedicated AI category. This new segment focused on exploiting vulnerabilities within AI frameworks and tools, moving beyond traditional prompt injections to achieve arbitrary code execution. Targets included popular AI platforms such as Chroma, Postgres pgvector, Redis, Ollama, NVIDIA Triton Inference Server, and NVIDIA Container Toolkit. Prizes for successful exploits in this category ranged from $20,000 to $40,000, underscoring the significance of securing AI infrastructures. (thezdi.com)

Automotive Security Focus

The automotive category continued to be a focal point, with Tesla maintaining its partnership with Pwn2Own. Participants targeted the 2024 Tesla Model 3 and 2025 Tesla Model Y bench-top units, aiming to exploit vulnerabilities in vehicle systems. This emphasis highlights the critical need for robust cybersecurity measures in modern vehicles, which are increasingly reliant on complex software systems. (thezdi.com)

Other Categories and Notable Exploits

Beyond AI and automotive, the competition featured categories such as web browsers, cloud-native/container technologies, virtualization, enterprise applications, servers, and local escalation of privilege. Notably, the Cloud-Native/Container category, introduced in the previous year, saw successful exploits, including a Docker container escape. The virtualization category offered substantial rewards, with up to $250,000 for a successful Microsoft Hyper-V Client guest-to-host escalation. (thezdi.com)

Implications and Impact

The outcomes of Pwn2Own 2025 Berlin have far-reaching implications for the cybersecurity landscape:

  • Enhanced Security Posture: By identifying and disclosing zero-day vulnerabilities, the competition enables vendors to patch critical flaws, thereby strengthening the security of their products.
  • Focus on Emerging Technologies: The inclusion of the AI category underscores the necessity of securing AI systems, which are becoming integral to various industries.
  • Automotive Cybersecurity Awareness: The continued focus on automotive systems highlights the importance of protecting vehicles from cyber threats, especially as they become more connected and autonomous.

Technical Details

Participants demonstrated a range of sophisticated exploits during the competition:

  • AI Category: Researchers achieved arbitrary code execution on AI platforms by exploiting vulnerabilities in vector databases and inference servers.
  • Automotive Category: Exploits targeted vehicle infotainment systems and communication protocols, revealing potential entry points for attackers.
  • Cloud-Native/Container Category: A notable exploit involved escaping a Docker container to execute code on the host operating system, highlighting risks in containerized environments.

Conclusion

Pwn2Own 2025 Berlin not only showcased the evolving tactics of cybersecurity researchers but also emphasized the critical need for proactive security measures across emerging technologies. The competition's expansion into AI and continued focus on automotive systems reflect the dynamic nature of cyber threats and the importance of collaborative efforts in mitigating them.