VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025. [...]
Pwn2Own is a hacking competition where researchers demonstrate software and device vulnerabilities, helping vendors identify flaws and improve security.
Search across headline titles and summaries.
Background for this topic.
Pwn2Own is a sanctioned hacking competition in which security researchers exploit specified software, devices, or other technology under controlled rules for cash prizes. Targets vary by edition and may include browsers, operating systems, virtualization, mobile devices, enterprise applications, vehicles, or industrial systems. Winning attempts commonly use previously undisclosed vulnerabilities, sometimes chaining several flaws to achieve code execution, sandbox escape, or privilege escalation.
Its security value is that it produces evidence that a vulnerability can be exploited against a real target, rather than merely theoretical findings. Organizers coordinate disclosure with affected developers, who can investigate and issue fixes or mitigations. Security teams should monitor related advisories, identify whether their deployed versions are affected, and prioritize patching when a demonstrated exploit involves an exposed attack surface or requires limited user interaction. Competition results do not mean every instance is exploitable in every environment, and technical exploit details may remain restricted until remediation is available.
VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025. [...]