The contest, staged alongside OffensiveCon in Berlin on 14 May, produced 24 unique zero-day vulnerabilities and $523,000 in rewards on its first day. The results placed DEVCORE at the top of the early Master of Pwn rankings after a standout exploit against Microsoft Edge, while successful attacks on LiteLLM, OpenAI Codex, NVIDIA tooling, Chroma, LM Studio, Red Hat Enterprise Linux and Windows 11 pointed to a widening attack surface in software used by developers, cloud teams and corporate security operations.
Orange Tsai of DEVCORE delivered the day’s biggest payout by chaining four logic flaws to escape the Microsoft Edge sandbox, earning $175,000 and 17.5 Master of Pwn points. The result was significant because browser sandbox escapes remain among the most valuable exploit classes: they can turn a browser compromise into a deeper foothold on a system if paired with other weaknesses. Edge, built on Chromium, benefits from frequent upstream security work, but the successful chain showed that complex browser architecture continues to offer room for sophisticated exploit development.
Windows 11 was also compromised three times through privilege-escalation attacks. Angelboy and TwinkleStar03 of DEVCORE used an improper access control bug to elevate privileges, while Marcin Wiązowski demonstrated a heap-based buffer overflow. Kentaro Kawane of GMO Cybersecurity by Ierae later chained two use-after-free flaws for another escalation. Each successful Windows 11 entry reflected the continuing value of local privilege-escalation bugs, which are often used after an initial compromise to gain higher system permissions.
AI-linked targets gave the Berlin event a distinct character. LiteLLM, a framework used to manage access to multiple large language model providers, was taken down by researcher k3vg3n through a chain involving server-side request forgery and code injection, earning $40,000. A separate LiteLLM attempt by Ikotas Labs succeeded on stage but was classed as a collision because the bugs were already known to the vendor, reducing the reward to $8,000. The distinction matters because Pwn2Own rewards previously unknown vulnerabilities more heavily while still recognising valid demonstrations that overlap with vendor knowledge.
OpenAI Codex was also targeted. One attempt by Le Duc Anh Vu of Viettel Cyber Security did not work within the allotted time, but a team from Compass Security used a CWE-150 issue (improper neutralization of escape, meta or control sequences) to exploit Codex and claim $40,000. Another Codex entry by Doyensec’s maitai was marked as a collision, bringing a lower award. Anthropic Claude Code was hit in a similar pattern, with a Viettel Cyber Security entry succeeding on stage but counted as a collision because the relevant flaw had already been known to the vendor.
NVIDIA systems formed a separate category and drew multiple successful entries. Chompie of IBM X-Force Offensive Research used a single bug against NV Container Toolkit, earning $50,000. NVIDIA Megatron Bridge was exploited by Satoki Tsuji of Ikotas Labs through an overly permissive allow-list issue, while Yoseop Kim later used a CWE-470 bug (unsafe reflection, where externally controlled input selects the class or code to load) against the same target in a second-round attempt. Out Of Bounds researcher haehae also used a path traversal bug against Megatron Bridge. These results highlighted the security challenges around AI infrastructure, especially where container tooling, model orchestration and developer workflows intersect.
Other AI and data targets also fell. Out Of Bounds exploited Chroma by chaining integer overflow and race condition weaknesses, while STARLabs SG chained five bugs, including server-side request forgery and code injection, against LM Studio. The successful LM Studio exploit earned $40,000. Chompie also escalated privileges on Red Hat Enterprise Linux for Workstations through a race condition, adding another $20,000 to the day’s reward total.