Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks

Virtual machine and container escapes: Virtualization sits at the core of public cloud infrastructure and private data centers, allowing companies to run their workloads and applications inside isolated containers or virtual servers. Any flaw that allows escaping from the confines of a virtual machine or a Linux container poses a risk not only to the host machine, but also to all other virtualized resources running on it.

During the first day at Pwn2Own, researchers from Team Prison Break used an integer overflow to escape from Oracle VirtualBox into the host operating system. This was followed by the STAR Labs team, who used a use-after-free bug to escape from the Docker Desktop OS-level container platform and execute code on the underlying OS.

On day two, researchers from Viettel Cyber Security exploited an out-of-bounds write error to achieve a VirtualBox guest-to-host escape, and Nguyen Hoang Thach of STAR Labs compromised the VMware ESXi hypervisor with a single integer overflow bug, a first in the contest’s history, earning him $150,000 for this bug alone.

On day three, Nguyen and his colleague Dung from STAR Labs used a time-of-check to time-of-use (TOCTOU) race condition to escape the Oracle VirtualBox VM, while Thomas Bouzerar and Etienne Helluy-Lafont from Synacktiv used a heap-based buffer overflow to exploit VMware Workstation.

Researchers Nir Ohfeld and Shir Tamari of Wiz Research used an external initialization of trusted variables bug to exploit the NVIDIA Container Toolkit, an open-source piece of software that allows users to build and run GPU-accelerated containers.

Remote code execution in browsers and AI tools: Mozilla Firefox was the only target on which exploits were attempted during the contest and was compromised twice: on day two by Edouard Bochin and Tao Yan from Palo Alto Networks with an out-of-bounds write, and on day three by Manfred Paul, who used an integer overflow in the browser’s renderer.

Mozilla has already released emergency patches for these two vulnerabilities, now tracked as CVE-2025-4918 and CVE-2025-4919, classifying them as critical severity.

Also, researcher Dinh Ho Anh Khoa of Viettel Cyber Security combined an authentication bypass flaw with an insecure deserialization bug to exploit Microsoft SharePoint.

This was the first edition of the contest to have an AI category, which included the Redis in-memory key-value database, the Chroma AI application database and the NVIDIA Triton Inference Server, an AI model deployment and inference software that’s part of NVIDIA’s AI platform. The category was added because organizations are rapidly adopting this technology and are deploying a variety of open-source AI tools and frameworks in the process, often failing to secure them against external attackers. In total, seven of the 28 vulnerabilities disclosed during Pwn2Own this year came from this category.

On day one, a team of researchers from cloud security firm Wiz attempted an exploit against the NVIDIA Triton Inference Server but failed to get it to work within the allotted time. However, on the same day, Sina Kheirkhah of Summoning Team and Viettel Cyber Security successfully demonstrated separate exploits against NVIDIA Triton, but both bugs were already known to the vendor, despite not yet being patched. Kheirkhah followed that up with a successful exploit against the Chroma AI database.

On day two, researchers Ho Xuan Ninh and Tri Dang from Qrious Secure demonstrated an exploit against NVIDIA Triton that combined four bugs. Mohand Acherir and Patrick Ventuzelo of FuzzingLabs also demonstrated a successful exploit, but the bug they used was known by the vendor.

Also on day two, researchers Benny Isaacs, Nir Brakha and Sagi Tzadik of Wiz Research managed to exploit the Redis database using a use-after-free exploit.

The final day saw another successful exploit against Triton by a team of researchers from FPT NightWolf, again with a bug that turned out to be known to the vendor, as well as a failed attempt at a Triton exploit by team STAR Labs, who could not get their exploit to work in time.

First seen on csoonline.com

Jump to article: www.csoonline.com/article/3989785/ethical-hackers-exploited-zero-day-vulnerabilities-against-popular-os-browsers-vms-and-ai-frameworks.html
