{"id":4032,"date":"2025-05-17T10:03:41","date_gmt":"2025-05-17T10:03:41","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/05\/17\/vmware-esxi-firefox-red-hat-linux-sharepoint-0-day-vulnerabilities-exploited-pwn2own-day-2\/"},"modified":"2025-05-17T10:03:41","modified_gmt":"2025-05-17T10:03:41","slug":"vmware-esxi-firefox-red-hat-linux-sharepoint-0-day-vulnerabilities-exploited-pwn2own-day-2","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/05\/17\/vmware-esxi-firefox-red-hat-linux-sharepoint-0-day-vulnerabilities-exploited-pwn2own-day-2\/","title":{"rendered":"VMware ESXi, Firefox, Red Hat Linux &amp; SharePoint 0-Day Vulnerabilities Exploited \u2013 Pwn2Own Day 2"},"content":{"rendered":"\n<div>VMware ESXi, Firefox, Red Hat Linux &#038; SharePoint 0-Day Vulnerabilities Exploited \u2013 Pwn2Own Day 2<\/div>\n<div>\n<p>Security researchers uncovered critical zero-day vulnerabilities across major enterprise platforms during the second day of Pwn2Own Berlin 2025, earning a staggering $435,000 in bounties.<\/p>\n<p>The competition, hosted at the OffensiveCon conference, witnessed successful exploits against <a href=\"https:\/\/cybersecuritynews.com\/tag\/vmware-esxi\/\" target=\"_blank\" rel=\"noreferrer noopener\">VMware ESXi<\/a>, Microsoft SharePoint, Mozilla Firefox, and Red Hat Enterprise Linux, demonstrating significant security gaps in widely used enterprise software.<\/p>\n<p>In a historic achievement, Nguyen Hoang Thach of STARLabs SG executed the first-ever successful VMware ESXi exploit in Pwn2Own history. 
Using a single integer overflow vulnerability, Thach compromised the virtualization platform, earning $150,000 and 15 Master of Pwn points.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Outstanding! Nguyen Hoang Thach (<a href=\"https:\/\/twitter.com\/hi_im_d4rkn3ss?ref_src=twsrc%5Etfw\">@hi_im_d4rkn3ss<\/a>) of STARLabs SG used a single integer overflow to exploit <a href=\"https:\/\/twitter.com\/hashtag\/VMware?src=hash&amp;ref_src=twsrc%5Etfw\">#VMware<\/a> ESXi \u2013 a first in <a href=\"https:\/\/twitter.com\/hashtag\/Pwn2Own?src=hash&amp;ref_src=twsrc%5Etfw\">#Pwn2Own<\/a> history. He earns $150,000 and 15 Master of Pwn points. <a href=\"https:\/\/twitter.com\/hashtag\/P2OBerlin?src=hash&amp;ref_src=twsrc%5Etfw\">#P2OBerlin<\/a> <a href=\"https:\/\/t.co\/QmfZng11nV\">pic.twitter.com\/QmfZng11nV<\/a><\/p>\n<p>\u2014 Trend Zero Day Initiative (@thezdi) <a href=\"https:\/\/twitter.com\/thezdi\/status\/1923323484647641145?ref_src=twsrc%5Etfw\">May 16, 2025<\/a>\n<\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/figure>\n<p> This high-impact vulnerability in ESXi is particularly concerning as the hypervisor is widely deployed in enterprise data centers worldwide.<\/p>\n<p>Microsoft SharePoint proved equally vulnerable when Dinh Ho Anh Khoa of Viettel Cyber Security chained an <a href=\"https:\/\/cybersecuritynews.com\/authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\">authentication<\/a> bypass with an insecure deserialization bug to gain unauthorized access. 
The exploit earned him $100,000 and 10 Master of Pwn points.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Confirmed!! Dinh Ho Anh Khoa (<a href=\"https:\/\/twitter.com\/_l0gg?ref_src=twsrc%5Etfw\">@_l0gg<\/a>) of Viettel Cyber Security combined an auth bypass and an insecure deserialization bug to exploit <a href=\"https:\/\/twitter.com\/hashtag\/Microsoft?src=hash&amp;ref_src=twsrc%5Etfw\">#Microsoft<\/a> SharePoint. He earns $100,000 and 10 Master of Pwn points. <a href=\"https:\/\/twitter.com\/hashtag\/Pwn2Own?src=hash&amp;ref_src=twsrc%5Etfw\">#Pwn2Own<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/P2OBerlin?src=hash&amp;ref_src=twsrc%5Etfw\">#P2OBerlin<\/a> <a href=\"https:\/\/t.co\/Q3DX7nZeUG\">pic.twitter.com\/Q3DX7nZeUG<\/a><\/p>\n<p>\u2014 Trend Zero Day Initiative (@thezdi) <a href=\"https:\/\/twitter.com\/thezdi\/status\/1923317597673533552?ref_src=twsrc%5Etfw\">May 16, 2025<\/a>\n<\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/figure>\n<p>As a collaboration platform integrated with <a href=\"https:\/\/cybersecuritynews.com\/tag\/microsoft-365\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft 365 environments<\/a>, this SharePoint vulnerability represents a significant risk to organizational data security.<\/p>\n<p>Browser security was also compromised as Palo Alto Networks researchers Edouard Bochin and Tao Yan demonstrated an out-of-bounds write vulnerability in Mozilla Firefox, earning $50,000 and 5 Master of Pwn points. 
The browser exploit highlights ongoing risks in client-side software despite years of security hardening.<\/p>\n<p>Red Hat Enterprise Linux fell to Gerrard Tai of STARLabs SG, who leveraged a use-after-free bug to escalate privileges, securing $10,000 and further consolidating STAR Labs\u2019 commanding lead in the Master of Pwn standings.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Confirmed! Gerrard Tai of STAR Labs SG Pte. Ltd used a Use-After-Free bug to escalate privileges on Red Hat Enterprise Linux. Their third-round win earns them $10,000 and 2 Master of Pwn points. <a href=\"https:\/\/t.co\/BXMKZNZ0lj\">pic.twitter.com\/BXMKZNZ0lj<\/a><\/p>\n<p>\u2014 Trend Zero Day Initiative (@thezdi) <a href=\"https:\/\/twitter.com\/thezdi\/status\/1923378354197037229?ref_src=twsrc%5Etfw\">May 16, 2025<\/a>\n<\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/figure>\n<p>The newly introduced AI category continued to attract successful exploits. Benny Isaacs, Nir Brakha, and Sagi Tzadik of Wiz Research exploited Redis using a use-after-free vulnerability, earning $40,000 and 4 Master of Pwn points.<\/p>\n<p>Ho Xuan Ninh and Tri Dang from Qrious Secure also chained four distinct bugs to compromise NVIDIA\u2019s Triton Inference Server, receiving $30,000 and 3 points.<\/p>\n<p>\u201cAnd that wraps up Day Two! We awarded $435,000, which brings the contest total to $695,000,\u201d announced the Zero Day Initiative, which operates the competition. 
\u201cWith a third day still to come, there\u2019s a very real chance we could reach the $1,000,000 threshold.\u201d<\/p>\n<p>The competition has revealed 20 unique zero-day vulnerabilities across two days, with STAR Labs establishing a seemingly insurmountable lead in the Master of Pwn rankings.<\/p>\n<p>Oracle VirtualBox was also successfully exploited when Viettel Cyber Security demonstrated a guest-to-host escape using an out-of-bounds write vulnerability, earning $40,000.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Confirmed! Viettel Cyber Security (<a href=\"https:\/\/twitter.com\/vcslab?ref_src=twsrc%5Etfw\">@vcslab<\/a>) used an OOB Write for their Guest-to-Host escape on <a href=\"https:\/\/twitter.com\/hashtag\/Oracle?src=hash&amp;ref_src=twsrc%5Etfw\">#Oracle<\/a> VirtualBox. They earn themselves $40,000 and 4 Master of Pwn points. 
<a href=\"https:\/\/t.co\/SugXdigVbt\">pic.twitter.com\/SugXdigVbt<\/a><\/p>\n<p>\u2014 Trend Zero Day Initiative (@thezdi) <a href=\"https:\/\/twitter.com\/thezdi\/status\/1923372716385595590?ref_src=twsrc%5Etfw\">May 16, 2025<\/a>\n<\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/figure>\n<p>Day Three of the competition will continue on Saturday, May 17, with remaining scheduled attempts targeting Windows 11, Oracle VirtualBox, VMware products, Mozilla Firefox, and NVIDIA systems.<\/p>\n<p>All vulnerabilities demonstrated during the contest are responsibly disclosed to vendors, who have 90 days to release security fixes before technical details are published.<\/p>\n<p>This inaugural Berlin <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2025\/5\/15\/pwn2own-berlin-2025-day-one-results\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">edition<\/a> of Pwn2Own marks the competition\u2019s first time including an AI category, reflecting growing concerns about security in emerging technologies.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/pwn2own-0-day-vulnerabilities\/\">VMware ESXi, Firefox, Red Hat Linux &amp; SharePoint 0-Day Vulnerabilities Exploited \u2013 Pwn2Own Day 2<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br 
\/>\n    Guru Baran<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/pwn2own-0-day-vulnerabilities\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>VMware ESXi, Firefox, Red Hat Linux &#038; SharePoint 0-Day Vulnerabilities Exploited \u2013 Pwn2Own Day 2 Security researchers uncovered critical zero-day vulnerabilities across major enterprise platforms during the second day of Pwn2Own Berlin 2025, earning a staggering $435,000 in bounties. The competition, hosted at the OffensiveCon conference, witnessed successful exploits against VMware ESXi, Microsoft SharePoint, Mozilla [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-4032","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/4032"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=4032"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/4032\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=4032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=4032"},{"taxonomy":"post_tag","embed
dable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=4032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}