Pierluigi Paganini
October 23, 2025
Day Two of Pwn2Own Ireland 2025 ends with participants earning $792,750 for 56 zero-days. Meta, Synology and QNAP are sponsoring the event. Pwn2Own Ireland 2025 includes eight categories of exploits targeting flagship smartphones (Galaxy S25, iPhone 16, Pixel 9), printers, network storage, home networking gear, messaging apps, smart home and surveillance devices, plus wearables like Meta Quest 3/3S and Ray-Ban Smart Glasses.
The Summoning Team leads after a Samsung Galaxy exploit highlight. The team earned a total of 18 points and $167,500 during the first two days of the event.
Ken Gannon / 伊藤 剣 of Mobile Hacking Lab, and Dimitrios Valsamaras of Summoning Team chained five vulnerabilities to exploit the Samsung Galaxy S25. The duo earned $50,000 and 5 Master of Pwn points.
Chumy Tsai of CyCraft earned $20K and 4 points for exploiting QNAP TS-453E via a single code injection flaw.
Le Trong Phuc and Cao Ngoc Quy of Verichains exploited Synology DS925+ via auth bypass and another bug, earning $20K and 4 Pwn points.
Team ANHTUD chained three bugs, including an SSRF, a cleartext storage of sensitive information issue and a collision, to exploit Home Automation Green with 45 second left, earning $16,750 and 3.75 Pwn points.
Day 1 of Pwn2Own Ireland saw 34 zero-days demoed and $522,500 awarded.
Vendors have 90 days to address the flaw discovered during the competition before their public disclosure.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Pwn2Own Ireland 2025)
