Pwn2Own Ireland 2025: Researchers Unveil 73 Zero-Day Vulnerabilities
Executive Summary
In June 2025, the Pwn2Own Ireland hacking competition saw security researchers successfully exploit 73 unique zero-day vulnerabilities across a variety of enterprise software and devices. Over $1,024,750 in rewards were awarded as teams identified and demonstrated live, working exploits, many targeting critical business platforms. These zero-days, by definition previously unknown to vendors, highlight the rapid pace at which vulnerabilities are discovered and the ongoing challenges organizations face in maintaining strong security posture against both sophisticated and opportunistic attackers.
This event underscores the persistent risk of zero-day vulnerabilities and the growing sophistication of offensive security research. The scale and speed of exploit identification at Pwn2Own reflect broader industry trends, including increased investment in bug bounties and rising regulatory expectations for vulnerability management and disclosure.
Why This Matters Now
Pwn2Own 2025 demonstrates how quickly novel exploits can surface, putting unprepared organizations at risk. The event highlights an urgent need for enterprises to prioritize zero-day detection, threat-informed defense strategies, and frictionless patch management as attackers and defenders both accelerate their technical capabilities.
Attack Path Analysis
Attackers exploited multiple zero-day vulnerabilities to gain an initial foothold in target systems. Using these initial accesses, they escalated privileges by exploiting additional flaws or misconfigurations. Attackers then moved laterally within cloud or container environments to access further sensitive workloads. They established command and control via covert outbound connections. Sensitive data was exfiltrated through encrypted or hidden channels. Ultimately, the attackers could impact business operations through destruction, backdoor implantation, or potential ransomware deployment.
Kill Chain Progression
Initial Compromise
Description
Attackers leveraged newly discovered zero-day vulnerabilities in cloud, SaaS, or container platforms to gain initial unauthorized access.
Related CVEs
CVE-2025-62847
CVSS 9.8A critical vulnerability in QNAP's QTS and QuTS hero operating systems allows remote code execution via improper input validation.
Affected Products:
QNAP QTS – 5.2.x
QNAP QuTS hero – h5.2.x, h5.3.x
Exploit Status:
proof of conceptCVE-2025-62848
CVSS 9.8A critical vulnerability in QNAP's QTS and QuTS hero operating systems allows remote code execution via improper input validation.
Affected Products:
QNAP QTS – 5.2.x
QNAP QuTS hero – h5.2.x, h5.3.x
Exploit Status:
proof of conceptCVE-2025-62849
CVSS 9.8A critical vulnerability in QNAP's QTS and QuTS hero operating systems allows remote code execution via improper input validation.
Affected Products:
QNAP QTS – 5.2.x
QNAP QuTS hero – h5.2.x, h5.3.x
Exploit Status:
proof of conceptCVE-2025-11837
CVSS 9A command injection vulnerability in QNAP's Malware Remover application allows remote attackers to execute arbitrary commands.
Affected Products:
QNAP Malware Remover – 6.6.8.20251023 and earlier
Exploit Status:
proof of conceptCVE-2025-59389
CVSS 9A vulnerability in QNAP's Hyper Data Protector allows remote attackers to execute arbitrary code via improper input validation.
Affected Products:
QNAP Hyper Data Protector – 2.2.4.1 and earlier
Exploit Status:
proof of conceptCVE-2025-62840
CVSS 8.6A path traversal vulnerability in QNAP's HBS 3 Hybrid Backup Sync allows unauthorized access to backup files.
Affected Products:
QNAP HBS 3 Hybrid Backup Sync – 26.2.0.938 and earlier
Exploit Status:
proof of conceptCVE-2025-62842
CVSS 8.6A path traversal vulnerability in QNAP's HBS 3 Hybrid Backup Sync allows unauthorized access to backup files.
Affected Products:
QNAP HBS 3 Hybrid Backup Sync – 26.2.0.938 and earlier
Exploit Status:
proof of concept
MITRE ATT&CK® Techniques
Exploitation for Client Execution
Exploit Public-Facing Application
Exploitation for Privilege Escalation
Exploitation of Remote Services
OS Credential Dumping
Impair Defenses
Indicator Removal on Host
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Security of system components with known vulnerabilities
Control ID: 6.2.3
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA (Digital Operational Resilience Act) – ICT Risk Management Framework
Control ID: Article 10
CISA ZTMM 2.0 – Continuous Asset and Vulnerability Management
Control ID: Asset Management | Continuous Vulnerability Assessment
NIS2 Directive – Technical and Organizational Measures
Control ID: Article 21(2)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer/Network Security
Zero-day vulnerability research directly impacts security vendors whose products may contain exploitable flaws, requiring immediate patches and enhanced threat detection capabilities.
Computer Software/Engineering
Software companies face direct exposure as 73 zero-days demonstrate widespread vulnerabilities in applications, demanding accelerated security development practices and incident response protocols.
Financial Services
Banking and financial institutions require immediate assessment of affected systems given regulatory compliance obligations and critical infrastructure protection against newly discovered exploitation techniques.
Health Care / Life Sciences
Healthcare organizations must evaluate zero-day exposure across medical devices and patient data systems, ensuring HIPAA compliance and protecting critical healthcare infrastructure operations.
Sources
- Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Irelandhttps://www.bleepingcomputer.com/news/security/hackers-earn-1-024-750-for-73-zero-days-at-pwn2own-ireland/Verified
- Severe QNAP NAS Zero-Day Flaws Patched After Pwn2Own 2025: What You Should Knowhttps://socradar.io/blog/severe-qnap-nas-zero-day-flaws-patched-pwn2own-2025/Verified
- QNAP fixes 7 critical NAS bugs discovered at Pwn2Own Ireland 2025https://www.redhotcyber.com/en/post/qnap-fixes-7-critical-nas-bugs-discovered-at-pwn2own-ireland-2025/Verified
- Hackers exploit 34 zero-days on first day of Pwn2Own Irelandhttps://www.bleepingcomputer.com/news/security/hackers-exploit-34-zero-days-on-first-day-of-pwn2own-ireland/Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Comprehensive zero trust controls—such as granular network segmentation, east-west traffic monitoring, strong policy enforcement on egress, and inline intrusion prevention—would have significantly disrupted the attacker's progression and contained impact. CNSF-aligned capabilities limit unauthorized lateral movement, detect anomalies, and prevent or alert on data exfiltration.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: Attempts to exploit known patterns are detected rapidly and inline controls prevent widespread exploitation.
Control: Zero Trust Segmentation
Mitigation: Privilege escalation is constrained by identity-aware microsegmentation policies.
Control: East-West Traffic Security
Mitigation: Unauthorized lateral movement attempts are detected and blocked at the network layer.
Control: Cloud Firewall (ACF) & Egress Security & Policy Enforcement
Mitigation: Egress firewalls filter malicious outbound or suspicious C2 traffic.
Control: Egress Security & Policy Enforcement
Mitigation: Outbound data transfers to unauthorized destinations are blocked or alerted in real time.
Rapid detection and response to unusual or destructive behaviors minimize operational impact.
Impact at a Glance
Affected Business Functions
- Data Storage
- Backup Operations
- Network Security
Estimated downtime: 3 days
Estimated loss: $500,000
Potential unauthorized access to sensitive data stored on NAS devices due to exploitation of vulnerabilities.
Recommended Actions
Key Takeaways & Next Steps
- • Enforce granular zero trust segmentation to strictly limit east-west movement and reduce blast radius of exploited vulnerabilities.
- • Deploy inline threat detection and anomaly response for real-time visibility and rapid containment of suspicious activity.
- • Implement comprehensive egress filtering to restrict outbound connections and prevent C2 communication and data exfiltration.
- • Apply strong encryption to all data in transit and utilize high-performance encrypted tunnels for hybrid and multicloud connectivity.
- • Integrate cloud-native firewalling and distributed policy controls to adaptively enforce security across dynamic cloud, SaaS, and container environments.
