Hacker Teams Win $792K as Samsung Galaxy S25 is Hacked at Pwn2Own
On the second day of Pwn2Own Ireland 2025, participants delivered an impressive display of skill, uncovering 56 new zero-day vulnerabilities and earning a combined total of $792,750 in rewards. This marks the second phase of the competition, held in Cork, Ireland, where cybersecurity experts compete to identify critical flaws in widely used devices and software.
One of the most notable achievements was the successful compromise of the Samsung Galaxy S25, carried out by Ken Gannon of Mobile Hacking Lab and Dimitrios Valsamaras of Summoning Team. Their sophisticated exploit chain combined five distinct vulnerabilities, earning them $50,000 and five points toward the coveted Master of Pwn title. Meanwhile, the PHP Hooligans team managed to hack a QNAP TS-453E NAS device in under a second, though their exploit relied on a previously known flaw and thus did not qualify as a new record.
Other researchers, including Chumie Tsai of CyCraft Technology, as well as teams from Verichains Cyber Force and Synacktiv, each earned $20,000 for successful attacks targeting QNAP TS-453E, Synology DS925+, and the Philips Hue Bridge. Additional exploits revealed previously unknown vulnerabilities in a Canon imageCLASS MF654Cdw printer, Home Automation Green system, Synology CC400W camera, Synology DS925+ NAS, Amazon smart plug, and Lexmark CX532adwe printer.
After two days of competition, Summoning Team remains in the lead with $167,500 in total winnings and 18 points. The opening day was equally productive, with participants identifying 34 vulnerabilities and earning $522,500 in total rewards. According to contest rules, device manufacturers have 90 days to patch the reported flaws before public disclosure by the Zero Day Initiative (ZDI).
The final day of Pwn2Own, scheduled for October 24, will feature new attack attempts on the Samsung Galaxy S25, as well as various storage and printing devices. One of the most anticipated demonstrations is a zero-click remote code execution exploit in WhatsApp—potentially the competition’s most lucrative entry, with a $1 million bounty. The participant known as Eugene from Team Z3 has announced plans to attempt the attack.
The contest is sponsored by Meta, Synology, and QNAP. The 2025 edition includes eight categories, spanning flagship smartphones (Samsung Galaxy S25, iPhone 16, Pixel 9), home and office electronics, messaging platforms, smart home systems, surveillance devices, and wearable technology such as Meta Quest 3/3S headsets and Ray-Ban smart glasses.
This year, organizers expanded the attack surface, allowing exploits via USB connections to locked smartphones, while maintaining standard wireless vectors such as Wi-Fi, Bluetooth, and NFC alongside physical access.
At last year’s Pwn2Own Ireland, participants collectively earned $1,078,750 for discovering more than 70 vulnerabilities, with Viettel Cyber Security taking the top prize of $205,000 for successful exploits targeting QNAP, Sonos, and Lexmark devices.
In January 2026, the Zero Day Initiative will return to Tokyo with Pwn2Own Automotive, the car-focused edition of the competition, held as part of the Automotive World exhibition and once again supported by Tesla.