Introduction

The Pwn2Own Berlin 2025 competition, held from May 15 to 17 at the OffensiveCon conference in Berlin, Germany, showcased the prowess of ethical hackers in uncovering zero-day vulnerabilities across various platforms. A significant focus was on Microsoft's Windows 11 operating system, where multiple zero-day exploits were demonstrated, highlighting critical security gaps.

Background on Pwn2Own

Pwn2Own is a prestigious hacking contest organized by the Zero Day Initiative (ZDI), aiming to identify and address vulnerabilities in widely used software and devices. Participants are rewarded for successfully exploiting previously unknown flaws, with vendors given 90 days to release patches before public disclosure. The 2025 event marked the first European edition, introducing new categories, including artificial intelligence systems. (thezdi.com)

Windows 11 Exploits Demonstrated

During the competition, security researchers unveiled several zero-day vulnerabilities in Windows 11:

  • Local Privilege Escalation via Integer Overflow: A researcher from Viettel Cyber Security demonstrated an exploit leveraging an integer overflow to escalate privileges on Windows 11 systems. (bleepingcomputer.com)
  • Use-After-Free Vulnerability: Bruno Pujos from REverse Tactics showcased an exploit utilizing a use-after-free vulnerability to achieve privilege escalation. (bleepingcomputer.com)
  • Improper Access Control: Another researcher, vinhthp1712, demonstrated an exploit targeting improper access control mechanisms within Windows 11. (bleepingcomputer.com)

These demonstrations underscore the ongoing challenges in securing modern operating systems against sophisticated attack vectors.

Technical Details of the Exploits

  • Integer Overflow: This vulnerability occurs when an arithmetic operation results in a value exceeding the maximum size allocated for storage, leading to unexpected behavior or system crashes.
  • Use-After-Free (UAF): UAF vulnerabilities arise when a program continues to use a pointer after freeing the memory it points to, potentially allowing attackers to execute arbitrary code.
  • Improper Access Control: This flaw involves inadequate enforcement of permissions, enabling unauthorized users to access or modify system resources.

Exploiting these vulnerabilities can grant attackers elevated privileges, facilitating unauthorized access to sensitive data and system controls.

Implications and Impact

The successful exploitation of Windows 11 at Pwn2Own Berlin 2025 highlights the persistent security challenges faced by modern operating systems. For enterprises and individual users, these vulnerabilities pose significant risks, including data breaches and system compromises. The event emphasizes the importance of proactive security measures, timely patch management, and continuous monitoring to mitigate potential threats.

Microsoft's Response and Future Outlook

Following the disclosures at Pwn2Own, Microsoft is expected to investigate the reported vulnerabilities and develop patches to address them. The company's participation in such events demonstrates a commitment to improving security through collaboration with the research community. Users are advised to apply security updates promptly and adhere to best practices to safeguard their systems.

Conclusion

Pwn2Own Berlin 2025 served as a critical platform for identifying and addressing security vulnerabilities in Windows 11. The event underscores the necessity for continuous vigilance, collaboration between vendors and researchers, and the adoption of robust security practices to protect against evolving cyber threats.