Record-Breaking Day for Security Researchers
Day One of Pwn2Own Ireland 2025 concluded with an extraordinary showcase of cybersecurity talent, as researchers demonstrated 34 unique zero-day vulnerabilities across a wide range of consumer devices.
The exploits earned participants a combined payout of $522,500, marking one of the most successful opening days in the competition’s history.
Hosted by Trend Micro’s Zero Day Initiative (ZDI), Pwn2Own is renowned for uncovering security flaws in real-world products. This year’s event stood out for its 100% success rate, with every single exploit attempt succeeding on the first day — a rare achievement in competitive hacking.
Teams Dominate Smart Home and NAS Devices
The first day featured 17 exploitation attempts targeting various connected devices including printers, routers, smart home systems, and NAS (Network-Attached Storage) units from major global manufacturers.
Team DDOS, made up of Bongeun Koo and Evangelos Daravigkas, took an early lead by chaining together eight vulnerabilities to compromise both a QNAP Qhora-322 router and a QNAP TS-453E NAS device.
Their impressive “SOHO Smashup” demonstration earned them $100,000 in prize money and 10 Master of Pwn points, placing them among the top contenders early in the event.
Smart Home Devices Fall to Expert Exploits
Several popular smart home products were also successfully compromised, including the Philips Hue Bridge, Synology ActiveProtect DP320, and Home Assistant Green.
Sina Kheirkhah from the Summoning Team stood out for participating in multiple successful exploits, including a powerful attack against the Synology ActiveProtect Appliance DP320 that earned an additional $50,000 in rewards.
In one of the most notable demonstrations, researcher DMDung of STAR Labs exploited a single out-of-bounds access vulnerability to take control of the Sonos Era 300 smart speaker — achieving the highest single-device payout of $50,000 and securing five Master of Pwn points.
Consumer printers were not spared from the day’s onslaught of exploits. Both Canon and HP devices were successfully hacked, highlighting ongoing concerns about the security of office and home printers.
The Canon imageCLASS MF654Cdw was a particularly popular target, with four different teams exploiting it using combinations of heap-based and stack-based buffer overflow vulnerabilities.
Meanwhile, Team Neodyme executed a stack-based buffer overflow on the HP DeskJet 2855e, earning $20,000 for their exploit.
Leave A Comment