
Day One of Pwn2Own Ireland 2025 ended with a clean sweep of successful exploits, with security researchers uncovering 34 zero-day vulnerabilities across a range of consumer and enterprise smart devices.
In total, Zero Day Initiative (ZDI) awarded $522,500 in bug bounties to participating teams, marking one of the most prolific opening days in the contest's history.
The event, organized by Trend Micro's ZDI, allows security researchers to responsibly disclose flaws to vendors under coordinated disclosure policies while receiving monetary compensation and public recognition.
The Irish iteration features a diverse set of targets, including smart printers, NAS devices, home automation controllers, and IoT networking gear. Today, on Day 1 of the event, seventeen teams launched exploit attempts, with every single one landing successfully.
The largest single payout of the day went to Team DDOS, represented by Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337), who chained eight unique vulnerabilities, many involving injections, in a double-device SOHO (Small Office/Home Office) attack against the QNAP QHora-322 router and the QNAP TS-453E NAS. Their work earned them $100,000 and a commanding 10 Master of Pwn points.
Other high-value targets fell throughout the day. Summoning Team, consisting of Sina Kheirkhah (@SinSinology) and McCaulay Hudson (@_mccaulay), scored $50,000 after exploiting the Synology ActiveProtect DP320 with a two-bug chain. Earlier in the day, Kheirkhah had independently breached the Synology DiskStation DS925+ for another $40,000. Hudson also successfully targeted the Home Assistant Green, a popular open-source home automation hub, with three previously known bugs and one novel SSRF, earning a partial payout due to overlap.
Home Assistant Green was compromised by three separate teams on Day One. Stephen Fewer of Rapid7 achieved code execution using a triad of bugs, including server-side request forgery (SSRF) and command injection. Compass Security also hit the same target, combining arbitrary file write with cleartext data leakage to earn a $20,000 reward and 4 Master of Pwn points.
One of the most technically interesting entries came from the DEVCORE Research Team, with contributors YingMuo, HexRabbit, LJP, and nella17. They successfully exploited the QNAP TS-453E using multiple injection flaws and a format string vulnerability, a relatively rare vector in modern bug bounty reports, bringing home $40,000.
The Canon imageCLASS MF654Cdw was compromised multiple times by teams from STAR Labs, Team ANHTUD, PetoWorks, and GMO Cybersecurity, with attack vectors ranging from heap overflows to invalid pointer dereferencing. Altogether, the Canon printer accounted for four successful entries and $50,000 in payouts. Similarly, the Philips Hue Bridge was taken down by two separate teams, highlighting its exposure to out-of-bounds (OOB) reads, overflows, and authentication bypasses.

The Synology BeeStation Plus and Sonos Era 300 smart speaker were also among the high-profile targets. The former was exploited by Synacktiv using a stack overflow for a $40,000 payout, while the latter was breached by dmdung of STAR Labs SG via an out-of-bounds access bug, earning one of the day's highest single-device awards at $50,000.