VMware Security Response Center

VMware and Pwn2Own 2025 – Berlin

Greetings from the Broadcom PSIRT Team – VCF Division.

Pwn2Own 2025 has wrapped up, and we witnessed successful exploitation of some very well-known products. Broadcom VMware products have been part of Pwn2Own since 2016. As in last year's contest, VMware ESXi (a Type 1 hypervisor) and VMware Workstation (a Type 2 hypervisor) were the targets in the virtualization category, with prize money of $180,000 and $80,000 respectively.

We saw three successful attempts against our products in this year's contest.

On Day 2 (May 16, 2025), Nguyen Hoang Thach of STAR Labs SG successfully exploited VMware ESXi. This is the first time VMware ESXi has been exploited at a Pwn2Own event.

On Day 3 (May 17, 2025), Corentin BAYET of Reverse Tactics successfully exploited ESXi by chaining two vulnerabilities. One of the vulnerabilities used in the exploit was a collision, as it was already known. Later that day, Thomas Bouzerar and Etienne Helluy-Lafont from Synacktiv successfully exploited Workstation.

We are actively working on remediation and plan to publish a VMware Security Advisory with information on updates for the affected products.

We would like to thank the Zero Day Initiative (ZDI) for allowing us to participate. In addition, we would like to thank the teams from STAR Labs SG, Reverse Tactics, and Synacktiv for working with us to address the reported issues.

If you want to be informed about VMware Security Advisories (VMSAs), please sign up here to receive new and updated information.