Miss any of #Pwn2Own Ireland 2025? You can watch all of the video - attempts and recaps - at

[ZDI-25-1013|CVE-2025-33186] NVIDIA AIStore AuthN Hard-coded Credentials Authentication Bypass Vulnerability (CVSS 9.8; Credit: Peter Girnus (@gothburz) of Trend Zero Day Initiative)

Huge thanks for the keynote 💙 It was fantastic. Brian Gorenc (@MaliciousInput) – From Buffer Overflows to Breaking AI: Two Decades of ZDI Vulnerability Research 🎤 #POC2025

No time to read the patch blog and just want the highlights? Check out the Patch Report for November. @dustin_childs covers what you need to know and what to look out for.

It's a small release from #Microsoft and #Adobe, but there's one CVE in the wild and plently to discuss - including silent patches from October. @dustin_childs has his full roundup at

[ZDI-25-965|CVE-2025-61677] DataChain data_storage Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVSS 8.8; Credit: Peter Girnus (@gothburz) of Trend Zero Day Initiative)

Wrapping up #Pwn2Own Ireland 2025. The three day event saw some amazing exploits and traumatic failures. We laughed, we cried, we shouted. Check out the highlights and see who won Master of Pwn. #P2OIreland https://t.co/WW45Lkzj3d

What was bug if the day for #Pwn2Own Ireland day 3? Check it out

$1,024,750 - 73 unique bugs - a week of amazing research on display. #Pwn2Own Ireland had it all. Success. Failure. Intrigue. You name it. Congratulations to the Master of Pwn winners @SummoningTeam! Their outstanding work earned them $187,500 and 22 point. See you in Tokyo for

https://t.co/cE3pSZklzA

Unfortunately, Frisk and Opcode from the Inequation Group ctf team could not get their exploit of the Meta Quest 3S working within the time time allotted. They were able to cause a DoS, but did not achieve code execution. #Pwn2Own

We have another collision! Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS used a single bug to exploit the QNAP TS-453E, but the bug has been previously seen in the contest. Their work still earns them $10,000 and 2 Master of Pwn points. #Pwn2Own

Confirmed! namnp of Viettel Cyber Security used a crypto bypass and a heap overflow to exploit the Phillips Hue Bridge. They earn $20,000 and 4 Master of Pwn points, which catapults them in the Top 5. It also puts us over $1,000,000 for the contest! #Pwn2Own

Boom! One their second attempt, the Viettel Cyber Security successfully got a root shell on the Philips Hue Bridge. They head off to the disclosure room one last time to provide the details. #Pwn2Own

We have another collision. Evan Grant (@stargravy) used a single bug to exploit the QNAP TS-453E, but, unfortunately, it had been used earlier in the contest. He still earns $10,000 and 2 Master of Pwn points. #Pwn2Own

Boom! Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS completed their exploit of the QNAP TS-453E NAS device. They are off to the disclosure room to provide details. #Pwn2Own

Another collision: the Thalium team from Thales Group (@thalium_team) needed 3 bugs to exploit the Phillips Hue Bridge, but only their heap based buffer overflow was unique. The others were seen earlier in the contest. They still earn $13,500 and 2.75 Master of Pwn points.

Confirmed (with style!) - Interrupt Labs combined a path traversal and an untrusted search path bug to exploit the Lexmark CX532adwe. They got a reverse shell and loaded Doom on the LCD. We couldn't play it though :-[ Still awesome to see. #Pwn2Own