Pwn2Own Automotive 2025 - Day One Results

SUCCESS - The team from PCAutomotive used a stack-based buffer overflow to gain code execution on the Alpine IVI. They earn $20,000 and two Master of Pwn points.

SUCCESS - The team from Viettel Cyber Security used an OS command injection bug to exploit the Kenwood IVI for code execution. They win $20,000 and 2 Master of Pwn points.

SUCCESS - Cong Thanh (@ExLuck99) and Nam Dung (@greengrass19000) of ANHTUD used an integer overflow to gain code execution on the Sony XAV-AX8500. The earn themselves $20,000 and 2 Master of Pwn points.

SUCCESS/COLLISION - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) used a 3 bug combo to exploit the Phoenix Contact CHARX SEC-3150, but one was publicly known. He still earns $41,750 and 4.25 Master of Pwn points.

SUCCESS/COLLISION - It took a while for us to confirm, but confirm we did! The team from Synacktiv used a stack-based buffer overflow plus a known bug in OCPP to exploit the ChargePoint with signal manipulation through the connector. They earn $47,500 and 4.75 Master of Pwn points.

SUCCESS - The PHP Hooligans used a heap-based buffer overflow to exploit the Autel charger. They earn $50,000 and 5 Master of Pwn points.

SUCCESS - The team from GMO Cybersecurity by Ierae, Inc. used a stack-based buffer overflow to to confirm their second round exploit of the Kenwood IVI. They earn $10,000 and 2 Master of Pwn points.

SUCCESS - The Viettel Cyber Security (@vcslab) team used a stack-based buffer overflow to exploit the Alpine IVI. This second round win earns the $10,000 and 2 Master of Pwn points.

SUCCESS - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) proves he's never going to give us up or let us down by using a hard-coded cryptographic key bug in the Ubiquiti charger. He earns himself $50,000 and 5 Master of Pwn points - putting him in the early lead.

SUCCESS - It may have take 3 attempts, but it's confirmed! Thanh Do (@nyanctl) of Team Confused used a heap-based buffer overflow to exploit the Sony IVI. His round 2 win nets him $10,000 and 2 Master of Pwn points.

SUCCESS - After accessing an open port via power drill, Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of fuzzware.io leveraged a stack-based buffer overflow on the Autel MaxiCharger. Their second round win nets them $25,000 and 5 Master of Pwn points.

COLLISION - Well that's awkward. SK Shieldus (@EQSTLab) used a OS command injection bug, but it was one demonstrated in last year's contest. Alpine chose not to patch it since "in accordance with ISO21434...the vulnerability is classified as 'Sharing the Risk'." Yikes. The SK Shieldus team earns $5,000 and 1 Master of Pwn point. Check out ZDI-24-846 for details on the original bug report.

FAILURE - Unfortunately, Sina Kheirkhah (@SinSinology) could not get his exploit of the Sony IVI working within the time allotted. He still ends Day One of #Pwn2Own Automotive with $91,750 and 9.25 Master of Pwn points.

SUCCESS - The Synacktiv (@Synacktiv) team used an OS command injection bug to exploit the Kenwood DMX958XR and play a video of the original Doom game. Their second round win earns them $10,000 and 2 Master of Pwn points.

SUCCESS/COLLISION - Rob Blakely and Andres Campuzano of the Technical Debt Collectors used multiple bugs to exploit Automotive Grade Linux, but one of the bugs was previously known. They still earn $33,500 and 3.5 Master of Pwn points in the 1st PwnOwn attempt.

SUCCESS - In our first Pwn2Own After Dark submission, Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of fuzzware.io leveraged an origin validation error bug to exploit the Phoenix Contact CHARX SEC-3150. The round 2 win earns them $25,000 and 5 Master of Pwn points.

FAILURE - Unfortunately, Riccardo Mori of Quarkslab (@quarkslab) could not get his exploit of the Autel MaxiCharger AC Wallbox Commercial working within the time allotted.

COLLISION - Bongeun Koo (@kiddo_pwn) of STEALIEN also used the bug exploited in the Alpine last year. He earns $5,000 and 1 Master of Pwn point - plus lots of style points for the Nyan Cat display.