Security News Windows 11 and Red Hat Linux hacked on first day of Pwn2Own Berlin 2025

Gandalf_The_Grey

On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, and Oracle VirtualBox.

Red Hat Enterprise Linux for Workstations was the first to fall in the local privilege escalation category after DEVCORE Research Team's Pumpkin exploited an integer overflow vulnerability to earn $20,000.

Hyunwoo Kim and Wongi Lee also got root on a Red Hat Linux device by chaining a use-after-free and an information leak, but one of the exploited flaws was an N-day, which led to a bug collision.

Next, Chen Le Qi of STARLabs SG was awarded $30,000 for an exploit chain combining a use-after-free and an integer overflow to escalate privileges to SYSTEM on a Windows 11 system.

Windows 11 was hacked twice more to gain SYSTEM privileges by Marcin Wiązowski, who exploited an out-of-bounds write vulnerability, and Hyeonjin Choi, who demoed a type confusion zero-day.

Team Prison Break earned $40,000 after demoing an exploit chain that used an integer overflow to escape Oracle VirtualBox and execute code on the underlying operating system.

Summoning Team's Sina Kheirkhah was awarded another $35,000 for a Chroma zero-day and an already known vulnerability in Nvidia's Triton Inference Server, while STARLabs SG's Billy and Ramdhan earned $60,000 for escaping Docker Desktop and executing code on the underlying OS using a use-after-free zero-day.
 

cartaphilus

Indeed, when assessed from a high-level perspective, Linux, due to its various distributions and configurations, is generally less secure than Windows. Windows undergoes extensive scrutiny and continuous evaluation every minute of every day. In contrast, while major distributions like Debian may receive significant review, the creation of custom Linux versions raises questions about their security. They may be secure against less skilled attackers, but when faced with motivated individuals, vulnerabilities are likely to be discovered.

The primary unassailable feature of *Nix and Apple lies in their security through obscurity. Furthermore, the user base of *Nix and Apple is quite distinct from the typical Windows user. The Linux community is often characterized by elitist individuals who tend to discourage newcomers seeking assistance (one can observe this by joining any Linux community and posing a basic question); in contrast, Apple attracts two types of users: one prefers to avoid IT and technical configurations, seeking guidance throughout the entire process, while the other exhibits elitist tendencies. Meanwhile, Windows caters to gamers and power users who desire an operating system that responds to their needs rather than the other way around.
 

Dreams&Visions

Day 2 results:
 
