Summary: The Pwn2Own Automotive 2025 competition saw security researchers exploit 16 unique zero-day vulnerabilities, earning a total of $382,750 in cash awards. Fuzzware.io led the event by hacking electric vehicle chargers, while other teams also showcased their skills against various automotive technologies. The competition emphasizes the importance of securing automotive systems as vendors are given 90 days to patch the reported vulnerabilities.
Threat Actor: Fuzzware.io, Summoning Team, Synacktiv Team, PHP Hooligans, Viettel Cyber Security | Fuzzware.io, Summoning Team, Synacktiv Team, PHP Hooligans, Viettel Cyber Security
Victim: Autel, Phoenix Contact, Ubiquiti, ChargePoint, Kenwood | Autel, Phoenix Contact, Ubiquiti, ChargePoint, Kenwood
Keypoints :
- Fuzzware.io earned $50,000 for exploiting vulnerabilities in EV chargers.
- Sina Kheirkhah from Summoning Team collected $91,750 by hacking Ubiquiti and Phoenix Contact chargers.
- Vendors have 90 days to patch reported zero-day vulnerabilities after the competition.