Windows 11 and Red Hat Linux hacked on first day of Pwn2Own

On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, and Oracle VirtualBox. Red Hat Enterprise Linux for Workstations was the first to fall in the local privilege escalation category after DEVCORE Research Team's Pumpkin exploited an integer overflow vulnerability to earn $20,000. Hyunwoo Kim and Wongi Lee also got root on a Red Hat Linux device by chaining a use-after-free and an information leak, but one of the exploited flaws was an N-day, which led to a bug collision. Next, Chen Le Qi of STARLabs SG was awarded $30,000 for an exploit chain combining a use-after-free and an integer overflow to escalate privileges to SYSTEM on a Windows 11 system. Windows 11 was hacked twice more to gain SYSTEM privileges by Marcin Wiązowski, who exploited an out-of-bounds write vulnerability, and Hyeonjin Choi, who demoed a type confusion zero-day. Team Prison Break earned $40,000 af ... Read full article.