Pwn2Own Ireland 2025 Awards Over $1M for 73 Zero-Days
Category: Industry News / Research & Tools
Pwn2Own Ireland 2025 concluded with $1,024,750 awarded for 73 unique zero-day vulnerabilities discovered across categories including smartphones, NAS devices, printers, and IoT. High-profile vendors such as Samsung, QNAP, Synology and Lexmark saw multiple chains demonstrated, often combining memory corruption, auth bypass, and logic bugs to achieve code execution. The competition highlights persistent issues in embedded device security and the value of coordinated disclosure: vendors receive technical details and a 90-day remediation window before public disclosure. Security teams should track vendor advisories for affected products and prioritize firmware and patch management for devices identified during the contest.
CORTEX Protocol Intelligence Assessment
Business Impact: Medium. Exploitable firmware/firmware-adjacent vulnerabilities on consumer and enterprise hardware require timely patching.
Technical Context: Multi-bug chains demonstrated in contest environments emphasize the need for layered protections.
Strategic Intelligence Guidance
- Track Pwn2Own results and vendor advisories for identified affected models.
- Prioritize firmware updates for critical devices in enterprise inventories.
- Incorporate contest-discovered techniques into internal testing and red-team scenarios.
- Engage vendors for coordinated disclosure timelines and mitigations.
Impact
Financial: $1,024,750
Intelligence Source: Pwn2Own Ireland 2025: Day Three and Master of Pwn | ZDI | Oct 24, 2025