Zero Day Initiative

It’s the second Tuesday of the month, and while many places in the Northern Hemisphere are scorching, Microsoft and Adobe have released their latest security offering in hopes of cooling things down. Grab an iced beverage and take a break from your scheduled activities and join us as we review the details of their latest security alertsIf you’d rather watch the full video recap covering the entire release, you can check it out here:

Adobe Patches for June 2025

For June, Adobe released seven bulletins addressing massive 254 CVEs in Adobe Acrobat Reader, InCopy, Experience Manager, Commerce, InDesign, Substance 3D Sampler, and Substance 3D Painter. Four of these bugs were reported through the Trend ZDI program. Of these patches, Adobe rates the fixes for Commerce as Priority 1, even though they state there are no known exploits for the five CVEs addressed. The biggest update by far affects Experience Manager. This fix alone covers 225 CVEs – although most are simply cross-site scripting (XSS) bugs. Still, XSS bugs can lead to arbitrary code execution.

Of the remaining updates, the fix for Acrobat covers 10 bugs that could lead to code execution in an open-and-own scenario. The fix for InCopy addresses two Critical-rated code execution bugs. For InDesign, five of the nine CVEs are also Critical-rated code execution bugs with the others being memory leaks. The fix for Substance 3D Sampler also fixes two code execution bugs. Finally, the June release from Adobe end with a single fix for an Out-of-Bounds (OOB) Write bug in Substance 3D Painter.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release.

Microsoft Patches for June 2025

This month, Microsoft released a reasonable 66 new CVEs in Windows and Windows Components, Office and Office Components, .NET and Visual Studio, Nuance Digital Engagement Platform, and the Windows Cryptographic Service. Three of these bugs were reported through the Trend ZDI program. With the additional third-party CVEs being documented, it brings the combined total to 70 CVEs.

Of the patches released today, 10 are rated Critical, and the rest are rated Important in severity. This number of fixes is relatively typical for June, but it does put Microsoft ahead of where they were at this point last year in regards to CVEs released year-over-year. It’s also another massive release for Office-related bugs. Time will tell if any of these make their way into exploit kits in the future.

Microsoft lists one bug as being under active attack at the time of release, with one other being publicly known. Let’s take a closer look at some of the more interesting updates for this month, starting with the vulnerability currently being exploited in the wild:

-   CVE-2025-33053 – Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability
The ghost of Internet Explorer (IE) haunts us still, as this bug forces Windows to use the deprecated browser in various legacy applications. Microsoft doesn’t give any indication into how widespread these attacks are, but they have taken the extraordinary step of producing patches for platforms that are officially out of support, like Windows 8 and Windows Server 2012. The exploit does require a user to click on a malicious URL, but that’s the only necessary step for code execution. Given that Microsoft produced updates for out-of-support OSes, I would patch this one quickly.

-  CVE-2025-33070 – Windows Netlogon Elevation of Privilege Vulnerability
This Critical-rated bug allows threat actors to execute their code on domain controllers simply by sending specially crafted authentication requests to affected domain controllers. Although not specifically stated, one would assume the code would run at the level of the Netlogon service, which does run with elevated privileges. Microsoft also lists this as an “Exploitation more likely” bug, and considering the outcome, it would not surprise me to see this exploited in the coming months.

-  CVE-2025-33073 – Windows SMB Client Elevation of Privilege Vulnerability
This bug is listed as publicly known, and multiple researchers have been credited for reporting it. It leads to code execution at the SYSTEM level, and it could be triggered by convincing a user to connect to an attacker-controlled malicious application server. The most obvious choice here would be an SMB server. Upon connecting, the malicious server could compromise the affected system and elevate privileges.

-  CVE-2025-47162 – Microsoft Office Remote Code Execution Vulnerability
This is one of four(!) Office-related bugs where the Preview Pane is an attack vector. Most of these are also given the highest exploit index rating, which means Microsoft expects public exploitation within 30 days. Since these bugs run without user interaction, they are often paired with a privilege escalation bug to take over a system. And since the Preview Pane is in play, it doesn’t even matter if users don’t click on that dodgy mail. Don’t wait to roll out Office updates this month..

Here’s the full list of CVEs released by Microsoft for June 2025:

CVE Title Severity CVSS Public Exploited Type CVE-2025-33053 Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability Important 8.8 No Yes RCE CVE-2025-33073 Windows SMB Client Elevation of Privilege Vulnerability Important 8.8 Yes No EoP CVE-2025-47162 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2025-47164 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2025-47167 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2025-47953 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2025-47172 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2025-47966 Power Automate Elevation of Privilege Vulnerability Critical 9.8 No No EoP CVE-2025-33071 Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2025-33070 Windows Netlogon Elevation of Privilege Vulnerability Critical 8.1 No No EoP CVE-2025-32710 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2025-29828 Windows Schannel Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2025-30399 .NET and Visual Studio Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2025-3052 * Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass Important 6.7 No No SFB CVE-2025-32725 DHCP Server Service Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-33050 DHCP Server Service Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-32724 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-47968 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-47165 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-47174 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-47173 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-47171 Microsoft Outlook Remote Code Execution Vulnerability Important 6.7 No No RCE CVE-2025-47176 Microsoft Outlook Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-47175 Microsoft PowerPoint Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-47163 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-47166 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-47168 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-47169 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-47170 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-47957 Microsoft Word Remote Code Execution Vulnerability Important 8.4 No No RCE CVE-2025-47977 † Nuance Digital Engagement Platform Spoofing Vulnerability Important 7.6 No No Spoofing CVE-2025-32715 Remote Desktop Protocol Client Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-47959 Visual Studio Remote Code Execution Vulnerability Important 7.1 No No RCE CVE-2025-32712 Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-33069 Windows App Control for Business Security Feature Bypass Vulnerability Important 5.1 No No SFB CVE-2025-32713 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-33052 Windows DWM Core Library Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-32714 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-33075 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-33056 Windows Local Security Authority (LSA) Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-33057 Windows Local Security Authority (LSA) Denial of Service Vulnerability Important 6.5 No No DoS CVE-2025-32716 Windows Media Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-32721 Windows Recovery Driver Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-47955 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-33064 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-33066 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-47962 † Windows SDK Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-47956 Windows Security App Spoofing Vulnerability Important 5.5 No No Spoofing CVE-2025-47160 Windows Shortcut Files Security Feature Bypass Vulnerability Important 5.4 No No SFB CVE-2025-32718 Windows SMB Client Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-33068 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-24065 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-24068 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-24069 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-32719 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-32720 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-33055 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-33058 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-33059 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-33060 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-33061 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-33062 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-33063 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-33065 Windows Storage Management Provider Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-32722 Windows Storage Port Driver Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-33067 Windows Task Scheduler Elevation of Privilege Vulnerability Important 8.4 No No EoP CVE-2025-47969 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability Important 4.4 No No Info CVE-2025-5419 * Chromium: CVE-2025-5419 Out of bounds read and write in V8 High N/A No Yes RCE CVE-2025-5068 * Chromium: CVE-2025-5068 Use after free in Blink Medium N/A No No RCE

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.

† Indicates further administrative actions are required to fully address the vulnerability.

 

Moving on to the other Critical-rated patches for June, there are the other Office bugs with the Preview Pane as an attack vector. There’s a frightening looking bug in Power Automate, but Microsoft has already addressed this and there is no customer action required. There’s a SharePoint RCE that requires low privileges to perform a SQL injection. There’s a bug in the Kerberos KDC Proxy Service that allows an attacker to execute their code on affected systems by using a malicious app to leverage a vulnerability in the cryptographic protocol. Fortunately, this is limited to systems registered as a Kerberos KDC Proxy Protocol server. Domain controllers aren’t affected. There’s another crypto related bug in Schannel. An attacker could gain code execution by sending malicious fragmented ClientHello messages to a target server that accepts Transport Layer Security (TLS) connections – and it would take a flood of these messages to trigger the exploit. That should make it relatively easy to detect, assuming you’re looking for such things. The final Critical-rate bug for June is for the Windows Remote Desktop Services. This bug was silently patched in May and is just now being documented. I don’t have the ink to explain how bad silent patches can be but do take notice.

Looking at the remaining code execution bugs, there are a plethora of the open-and-own variety in Office components. For these, user interaction is required and the Preview Pane is not an attack vector. There’s also our monthly dose of bugs in the RRAS service. There are two deserialization bugs in SharePoint that are somewhat confusing. They are rated Important but have the exact same CVSS as the Critical SharePoint bug. Is SQL injection that much worse than deserialization? Finally, there are a pair of DLL loading bugs in .NET and Visual Studio.

There are only a handful of elevation of privilege (EoP) bugs in this month’s release, and we’ve already covered the most important. Beyond those, the remaining bugs simply lead to SYSTEM-level code execution or administrative privileges if an authenticated user runs specially crafted code. The only bug that requires additional mention occurs in the Windows SDK. If you aren’t familiar with installing and maintaining the SDK, Microsoft provides this document with further information.

There are two security feature bypass (SFB) patches in this month’s release. The first is in App Control and addresses a bug that can bypass App Control policy. The other bypasses Shortcut File security. Although this one is not listed as under active attack, we seen this type of bug used by ransomware in the recent past.

The June release includes more fixes for information disclosure bugs than EoP bugs. Fortunately, most of these are in the Windows Storage Management Provider and only result in info leaks consisting of unspecified memory contents. This is useful info to have when exploiting components on a system, but otherwise not quite riveting. The only real exception here impacts Windows Virtualization-Based Security (VBS). This vulnerability could result in the disclosure of secrets or privileged information belonging to the user of the affected application. VBS is a newer feature designed to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised, so it’s interesting to see it targeted so quickly.

There are a half dozen patches for Denial-of-Service (DoS) bugs in this release. However, Microsoft provides no actionable information about these bugs. Instead, they simply state that an attacker could deny service over a network to that component. Considering the impacted components include DHCP server and the Local Security Authority (LSA), it would be great to know if these bugs are temporary DoSes or permanent. Is a reboot required? Does the system respond if the exploit stops? The world may never know.

Finally, there is a single Spoofing bug in the Nuance Digital Engagement Platform, which (according to the vendor) provides AI‑powered, omni‑channel technology to healthcare solutions. The bug itself is a cross-site scripting (XSS) bug and would allow an attacker to be read information in the target browser. To be fully protected from this bug, you’ll need to enable the “Block XSS” field in the configurations setting for their program to prevent JavaScript injection. According to Microsoft, “All affected customers have been notified by the Nuance team to make this update.” I would still check to ensure you’re protected if you are a Nuance user.

No new advisories are being released this month.

Looking Ahead

The next Patch Tuesday of 2025 will be on July 8, and I’ll be back then with my analysis and thoughts about the release. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

Welcome to the third and final day of Pwn2Own Berlin 2025. We' start the day at $695,000 awarded for the contest. It will be interesting to see if we can breach the million dollar mark. Stay tuned for all of the results.

And we are finished!! What an amazing three days of research. Today, we awarded $383,750, which brings the event total to $1,078,750! Congratulations to the STAR Labs SG team for winning Master of Pwn. They earned $$320,000 and 35 Master of Pwn points. During the event, we purchased (and disclosed) 28 unique 0-days - seven of which came from the AI category. Thanks to OffensiveCon for hosting the event, the participants for bringing their amazing research, and the vendors for acting on the bugs quickly.

COLLISION - Although Angelboy (@scwuaptx) from DEVCORE Research Team successfully demonstrated their privilege escalation on Windows 11, one of the two bugs he used was known to the vendor. He still earns $11,250 and 2.25 Master of Pwn points.

COLLISION - Although @namhb1, @havancuong000, and @HieuTra34558978 of FPT NightWolf successfully exploited NVIDIA Triton, the bug they used was known by the vendor (but not patched yet). They still earn $15,000 and 1.5 Master of Pwn points.

SUCCESS - Former Master of Pwn winner Manfred Paul used an integer overflow to exploit Mozilla Firefox (renderer only). His excellent work earns him $50,000 and 5 Master of Pwn points.

SUCCESS - Nir Ohfeld (@nirohfeld) Shir Tamari (@shirtamari) of Wiz Research used a External Initialization of Trusted Variables bug to exploit the #NVIDIA Container Toolkit. This unique bug earns them $30,000 and 3 Master of Pwn points.

FAILURE - Unfortunately, the team from STAR Labs could not get their exploit of NVIDIA's Triton Inference server working within the time allotted.

SUCCESS - Dung and Nguyen (@MochiNishimiya) of STARLabs used a TOCTOU race condition to escape the VM and an Improper Validation of Array Index for the Windows privilege escalation. They earn $70,000 and 9 Master of Pwn points.

SUCCESS/COLLISION - Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics used two bugs to exploit ESXi, but the Use of Uninitialized Variable bug collided with a prior entry. His integer overflow was unique though, so he still earns $112,500 and 11.5 Master of Pwn points.

SUCCESS - Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv (@Synacktiv) used a heap-based buffer overflow to exploit VMware Workstation. They earn $80,000 and 8 Master of Pwn points.

SUCCESS - In the final attempt of Pwn2Own Berlin 2025, Miloš Ivanović (infosec.exchange/@ynwarcs) used a race condition bug to escalate privileges to SYSTEM on Windows 11. His fourth-round win nets him $15,000 and 3 Master of Pwn points.

Welcome to the second day of our first ever Pwn2OwnBerlin. Yesterday, we awarded $260,000 for some amazing research. Today looks to be even better, with more AI on the line, plus SharePoint and VMware ESXi. As always, we’ll be updating this blog with results as we have them.

And that wraps up Day Two! We awarded $435,000, which brings the contest total to $695,000. With a third day still to come, there’s a very real chance we could reach the $1,000,000 threshold. The research demonstrated includes 20 unique 0-days. STAR Labs has a commanding lead in the Master of Pwn points, and it seems unlikely anyone will catch them. Tune in tomorrow to find out!

COLLISION - Mohand Acherir & Patrick Ventuzelo (@pat_ventuzelo) of FuzzingLabs (@fuzzinglabs) exploited #NVIDIA Triton, but the exploit they used was known by the vendor (but unpatched). They still earn $15,000 and 1.5 Master of Pwn points.

SUCCESS - Dinh Ho Anh Khoa of Viettel Cyber Security combined an auth bypass and an insecure deserialization bug to exploit Microsoft SharePoint. He earns $100,000 and 10 Master of Pwn points.

SUCCESS - Nguyen Hoang Thach of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a first in Pwn2Own history. He earns $150,000 and 15 Master of Pwn points.

SUCCESS - Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) from Palo Alto Networks used an Out-of-Bounds Write to exploit Mozilla Firefox. They earn $50,000 and 5 Master of Pwn points.

SUCCESS - The second full win in the AI category goes to Benny Isaacs (@benny_isaacs), Nir Brakha, Sagi Tzadik (@sagitz_) of Wiz Research as they leveraged a UAF to exploit Redis. They earn $40,000 and 4 Master of Pwn points.

FAILURE - Unfortunately, Sina Kheirkhah of Summoning Team could not get his exploit of SharePoint working within the time allotted.

SUCCESS - In the first full win against the NVIDIS Triton Inference server, Ho Xuan Ninh (@Xuanninh1412) and Tri Dang (@trichimtrich) from Qrious Secure used a four bug chain to exploit #NVIDIA Triton. Their unique work earns them $30,000 and 3 Master of Pwn points.

SUCCESS - Viettel Cyber Security (@vcslab) used an OOB Write for their Guest-to-Host escape on Oracle VirtualBox. They earn themselves $40,000 and 4 Master of Pwn points.

SUCCESS - Gerrard Tai of STAR Labs SG Pte. Ltd used a Use-After-Free bug to escalate privileges on Red Hat Enterprise Linux. His third-round win earns them $10,000 and 2 Master of Pwn points.

FAILURE - Unfortunately, Sina Kheirkhah of Summoning Team could not get his exploit of Oracle VirtualBox working within the time allotted.

Welcome to the first day of Pwn2Own Berlin 2025! We have 11 different attempts, including our first ever AI attempts. We’ll be updating this blog with results as we have them.

And that bring Day One of #Pwn2Own Berlin to a close. We awarded $260,000 today, but more great research is yet to come. STAR Labs has an early lead on Master of Pwn, but it's anyone's game at this point. Stay tuned for more results as we go.

SUCCESS - Pumpkin (@u1f383) from DEVCORE Research Team used an integer overflow to escalate privs on Red Hat Linux. He earns $20,000 and 2 Master of Pwn points.

Going from user land to root.

COLLISION - We have a bug collision. Although Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) successfully demonstrated his exploit of #NVIDIA Triton, the bug he used was known by the vendor (but not patched). He still earns $15K and 1.5 Master of Pwn points.

SUCCESS - Chen Le Qi (@cplearns2h4ck) of STARLabs SG combined a UAF and an integer overflow to escalate to SYSTEM on #Windows 11. He earns $30,000 and 3 Master of Pwn points.

FAILURE - Unfortunately, the team from Wiz Research could not get their exploit of the NVIDIA Triton Inference working within the time allotted.

COLLISION - Hyunwoo Kim (@V4bel) and Wongi Lee (@_qwerty_po) of Theori were able to escalate to root on Red Hat Linux with an info leak and a UAF, but one of the bugs used was an N-day. They still win $15,000 and 1.5 Master of Pwn points.

SUCCESS - The first ever winner of the AI category in Pwn2Own history is Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam). His successful exploitation of Chroma earns him $20,000 and 2 Master of Pwn points.

SUCCESS - In a surprise to no one, Marcin Wiązowski's privilege escalation on Windows 11 is confirmed! He used an Out-of-Bounds Write to escalate to SYSTEM. His work earns him $30,000 and 3 Master of Pwn points.

SUCCESS - Their enthusiasm was rewarded as Team Prison Break (Best of the Best 13th) used an integer overflow to escape Oracle VirtualBox and execute code on the underlying OS. They earn $40,000 and 4 Master of Pwn points.

COLLISION - We have another collision - Viettel Cyber Security (@vcslab) targeting NVIDIA Triton Inference Server successfully demonstrated their exploit - however it was known to the vendor, but not yet patched. They still earn $15000 and 1.5 Master of Pwn Points

SUCCESS - Hyeonjin Choi (@d4m0n_8) of Out Of Bounds earns $15,000 for a third round win and 3 Master of Pwn Points by successfully using a type confusion bug to escalate privileges in #Windows11 #Pwn2Own #P2OBerlin

SUCCESS - Nicely done! Billy and Ramdhan of STAR Labs used a UAF to perform their Docker Desktop escape and execute code on the underlying OS. They earn $60,000 and 6 Master of Pwn Points.

Willkommen and welcome to the inuaguaral Pwn2Own Berlin! Not only is this our first time at the OffensiveCon conference, but it’s also our first time including an AI category in the event. We’ve assembled some of the finest security researchers in the world to test the security of these systems, and we can’t wait to see what happens. We had our random drawing for the order of events earlier today, and from that, we have put together the following schedule. Please note that all times are local to Berlin and may change at any point.

Jump to:    Day One           Day Two           Day Three

Day One

Thursday, May 15 – 1030

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting NVIDIA Triton Inference Server in the AI category for $30000 and 3 Master of Pwn Points.

Thursday, May 15 – 1100

Pumpkin (@u1f383) from DEVCORE Research Team targeting Red Hat Enterprise Linux for Workstations in the Local Escalation of Privilege category for $20000 and 2 Master of Pwn Points.

Thursday, May 15 – 1130

Chen Le Qi (@cplearns2h4ck) of STARLabs SG targeting Microsoft Windows 11 in the Local Escalation of Privilege category for $30000 and 3 Master of Pwn Points.

Thursday, May 15 – 1230

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting Chroma in the AI category for $20000 and 2 Master of Pwn Points.

Thursday, May 15 – 1300

Hyunwoo Kim (@V4bel) and Wongi Lee (@_qwerty_po) of Theori targeting Red Hat Enterprise Linux for Workstations in the Local Escalation of Privilege category for $20000 and 2 Master of Pwn Points.

Ronen Shustin (@ronenshh) Nir Ohfeld (@nirohfeld) of Wiz Research targeting NVIDIA Triton Inference Server in the AI category for $30000 and 3 Master of Pwn Points.

Thursday, May 15 – 1330

Marcin Wiązowski targeting Microsoft Windows 11 in the Local Escalation of Privilege category for $30000 and 3 Master of Pwn Points.

Thursday, May 15 – 1430

Team Prison Break (Best of the Best 13th) targeting Oracle VirtualBox in the Virtualization category for $40000 and 4 Master of Pwn Points.

Billy(@st424204) and Ramdhan(@n0psledbyte) of STAR Labs targeting Docker Desktop in the Cloud/Container category for $60000 and 6 Master of Pwn Points.

Thursday, May 15 – 1500

Viettel Cyber Security (@vcslab) targeting NVIDIA Triton Inference Server in the AI category for $30000 and 3 Master of Pwn Points.

Thursday, May 15 – 1530

Hyeonjin Choi (@d4m0n_8) of Out Of Bounds targeting Microsoft Windows 11 in the Local Escalation of Privilege category for $30000 and 3 Master of Pwn Points.

Back to top

Day Two

Friday, May 16 – 1000

Mohand Acherir & Patrick Ventuzelo (@pat_ventuzelo) of FuzzingLabs (@fuzzinglabs) targeting NVIDIA Triton Inference Server in the AI category for $30000 and 3 Master of Pwn Points.

Friday, May 16 – 1030

Dinh Ho Anh Khoa (@_l0gg) of Viettel Cyber Security targeting Microsoft SharePoint in the Server category for $100000 and 10 Master of Pwn Points.

Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG targeting VMware ESXi in the Virtualization category for $150000 and 15 Master of Pwn Points.

Friday, May 16 – 1100

Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) from Palo Alto Networks targeting Mozilla Firefox - Renderer Only in the Web Browser category for $50000 and 5 Master of Pwn Points.

Friday, May 16 – 1130

Benny Isaacs (@benny_isaacs), Nir Brakha, Sagi Tzadik (@sagitz_) of Wiz Research targeting Redis in the AI category for $40000 and 4 Master of Pwn Points.

Friday, May 16 – 1200

Ho Xuan Ninh (@Xuanninh1412) and Tri Dang (@trichimtrich) from Qrious Secure targeting NVIDIA Triton Inference Server in the AI category for $30000 and 3 Master of Pwn Points.

Friday, May 16 – 1230

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting Microsoft SharePoint in the Server category for $100000 and 10 Master of Pwn Points.

Friday, May 16 – 1430

Viettel Cyber Security (@vcslab) targeting Oracle VirtualBox in the Virtualization category for $40000 and 4 Master of Pwn Points.

Friday, May 16 – 1500

Gerrard Tai of STAR Labs SG Pte.Ltd. targeting Red Hat Enterprise Linux for Workstations in the Local Escalation of Privilege category for $20000 and 2 Master of Pwn Points.

Friday, May 16 – 1630

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting Oracle VirtualBox in the Virtualization category for $40000 and 4 Master of Pwn Points.

Back to top

Day Three

Saturday, May 17 – 1030

Angelboy (@scwuaptx) from DEVCORE Research Team targeting Microsoft Windows 11 in the Local Escalation of Privilege category for $30000 and 3 Master of Pwn Points.

Nir Ohfeld (@nirohfeld) Shir Tamari (@shirtamari) of Wiz Research targeting NVIDIA Container Toolkit in the AI category for $30000 and 3 Master of Pwn Points.

Saturday, May 17 – 1100

@namhb1 @havancuong000 @HieuTra34558978 of FPT NightWolf targeting NVIDIA Triton Inference Server in the AI category for $30000 and 3 Master of Pwn Points.

Saturday, May 17 – 1200

Manfred Paul (@manf@infosec.exchange) targeting Mozilla Firefox - Renderer Only in the Web Browser category for $50000 and 5 Master of Pwn Points.

Dung and Nguyen (@MochiNishimiya) of STARLabs targeting Oracle VirtualBox with EoP with Windows kernel vulnerability addon in the Virtualization category for $90000 and 9 Master of Pwn Points.

Saturday, May 17 – 1400

Billy(@st4242404) and Bruce(@bruce30262) of STAR Labs targeting NVIDIA Triton Inference Server in the AI category for $30000 and 3 Master of Pwn Points.

Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics targeting VMware ESXi in the Virtualization category for $150000 and 15 Master of Pwn Points.

Saturday, May 17 – 1600

Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv (@Synacktiv) targeting VMware Workstation in the Virtualization category for $80000 and 8 Master of Pwn Points.

Miloš Ivanović (infosec.exchange/@ynwarcs) targeting Microsoft Windows 11 in the Local Escalation of Privilege category for $30000 and 3 Master of Pwn Points. 

Back to top

The Results

We’ll be blogging and tweeting results in real-time throughout the competition. Be sure to keep an eye on the blog for the latest information. We’ll also be posting live results on Twitter, Mastodon, LinkedIn, and Bluesky, so follow us on your favorite social platform for the latest news, and keep an eye on the #P2OBerlin hashtag for continuing coverage.

©2025 Trend Micro Incorporated. All rights reserved. PWN2OWN, ZERO DAY INITIATIVE, ZDI, and Trend Micro are trademarks or registered trademarks of Trend Micro Incorporated. All other trademarks and trade names are the property of their respective owners.

It’s the second Tuesday of the month, and the final patch Tuesday before Pwn2Own Berlin. I know several contestants are sweating it out and hoping their entries are patched out. While they quiver with anticipation, take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:

Adobe Patches for May 2025

For May, Adobe released an unlucky 13 bulletins addressing 40 CVEs in Adobe Cold Fusion, Lightroom, Dreamweaver, Connect, InDesign, Substance 3D Painter, Photoshop, Animate, Illustrator, Bridge, Dimension, Substance 3D Stager, and Substance 3D Modeler. One of these CVEs was submitted through the Trend ZDI program. If you need to prioritize, Cold Fusion is a great place to start. Not only does it address seven Critical and one Important bug, but Adobe lists it as priority 1 – even though there are no active attacks listed. Cold Fusion also received patches last month, so these CVEs could be a bypass of that patch.

The remaining updates are all listed as Priority 3. There are three Critical-rated bugs in Photoshop that could be triggered by opening a specially crafted file. The fix for Animate corrects five bugs, including some that result in code execution. There are six CVEs in the fix for Substance 3D Stager. However, there are only two CVEs in the patch for Substance 3D Modeler, and one in Substance 3D Painter. Despite being different products, it seems sensible to group those together. The patch for InDesign addresses three bugs, but only one of those is rated Critical. There are three CVEs in the fix for Bridge and all could lead to code execution. The patch for Adobe Connect fixes four cross-site scripting (XSS) bugs. The Adobe release for May wraps up with one Critical-rated code exec bug each for Lightroom, Dreamweaver, and Illustrator.

 

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release.

Microsoft Patches for May 2025

This month, Microsoft released a reasonable 75 new CVEs in Windows and Windows Components, Office and Office Components, .NET and Visual Studio, Azure, Nuance PowerScribe, Remote Desktop Gateway Service, and Microsoft Defender. Three of these bugs were reported through the Trend ZDI program. With the additional third-party CVEs being documented, it brings the combined total to 82 CVEs.

Of the patches released today, 12 are rated Critical, and the rest are rated Important in severity. This number of fixes isn’t unusual for May, but it does put Microsoft ahead of where they were at this point last year in regards to CVEs released. It’s also unusual to see so many Office-related bugs getting patched in a single month. Perhaps this is a harbinger of attacks we can expect to see later this year.

Microsoft lists five bugs as being under active attack at the time of release, with two others being publicly known. Let’s take a closer look at some of the more interesting updates for this month, starting with one of the vulnerabilities currently being exploited in the wild:

-              CVE-2025-30397 - Scripting Engine Memory Corruption Vulnerability
This bug allows a remote attacker to execute their code on an affected system if they can convince a user to click a specially crafted link. Since this is in the wild, clearly someone clicked that link. This bug is interesting in that it forces Edge into Internet Explorer mode, so the ghost of IE continues to haunt us all. Microsoft provides no information on how widespread these attacks are, but I would go ahead and test and deploy this fix quickly.

-              CVE-2025-32701/CVE-2025-32706 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
This Windows component has been through the ringer, as it was also exploited in the previous months by other groups. These bugs allow privilege escalation to SYSTEM and are usually paired with a code execution bug to take over a system. In the past, these types of bugs were used by ransomware gangs, so it’s likely these are as well. Test and deploy quickly.

-              CVE-2025-32709 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Speaking of reruns, we also saw this component exploited in the wild back in February of this year. When we see the same component exploited again and again, I begin to question the quality of the patches and wonder if they are being bypassed. Again, we have a privilege escalation bug here leading to SYSTEM privileges.

-              CVE-2025-30400 - Microsoft DWM Core Library Elevation of Privilege Vulnerability
This is the final in-the-wild bug getting patched this month, and although we saw it patched back in January, this is the first exploit we’ve seen in this component in some time. This is another privilege escalation bug that leads to executing code as SYSTEM. All of the EoP bugs are commonly used in phishing and ransomware, so don’t let their lower severity fool you. Definitely test and deploy these patches quickly.

Here’s the full list of CVEs released by Microsoft for May 2025:

CVE Title Severity CVSS Public Exploited Type CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No Yes EoP CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability Important 7.5 No Yes RCE CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No Yes EoP CVE-2025-32701 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No Yes EoP CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No Yes EoP CVE-2025-26685 Microsoft Defender for Identity Spoofing Vulnerability Important 6.5 Yes No Spoofing CVE-2025-32702 Visual Studio Remote Code Execution Vulnerability Important 7.8 Yes No RCE CVE-2025-29827 Azure Automation Elevation of Privilege Vulnerability Critical 9.9 No No EoP CVE-2025-29813 Azure DevOps Elevation of Privilege Vulnerability Critical 10 No No EoP CVE-2025-29972 Azure Storage Resource Provider Spoofing Vulnerability Critical 9.9 No No Spoofing CVE-2025-47732 Microsoft Dataverse Remote Code Execution Vulnerability Critical 8.7 No No RCE CVE-2025-33072 Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability Critical 8.1 No No Info CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2025-47733 Microsoft Power Apps Information Disclosure Vulnerability Critical 9.1 No No Info CVE-2025-29833 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability Critical 7.1 No No RCE CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2025-29967 Remote Desktop Client Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability Important 8 No No Spoofing CVE-2025-29968 Active Directory Certificate Services (AD CS) Denial of Service Vulnerability Important 6.5 No No DoS CVE-2025-30387 Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability Important 9.8 No No EoP CVE-2025-24063 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-29973 † Microsoft Azure File Sync Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-29970 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-29826 Microsoft Dataverse Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-26684 Microsoft Defender Elevation of Privilege Vulnerability Important 6.7 No No EoP CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-29979 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability Important 8.4 No No RCE CVE-2025-32705 Microsoft Outlook Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-29975 Microsoft PC Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-29978 Microsoft PowerPoint Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-29976 † Microsoft SharePoint Server Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-30378 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 7 No No RCE CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-30384 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 7.4 No No RCE CVE-2025-27488 Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability Important 6.7 No No EoP CVE-2025-29969 MS-EVEN RPC Remote Code Execution Vulnerability Important 7.5 No No EoP CVE-2025-32707 NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-29841 Universal Print Management Service Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-29842 UrlMon Security Feature Bypass Vulnerability Important 7.5 No No SFB CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability Important 6.7 No No SFB CVE-2025-32703 Visual Studio Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-30385 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-29957 Windows Deployment Services Denial of Service Vulnerability Important 6.2 No No DoS CVE-2025-29838 Windows ExecutionContext Driver Elevation of Privilege Vulnerability Important 7.4 No No EoP CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-29955 Windows Hyper-V Denial of Service Vulnerability Important 6.2 No No DoS CVE-2025-29837 Windows Installer Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-29974 Windows Kernel Information Disclosure Vulnerability Important 5.7 No No Info CVE-2025-27468 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-29954 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important 5.9 No No DoS CVE-2025-29840 Windows Media Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-29962 Windows Media Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-29963 Windows Media Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-29964 Windows Media Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-29839 Windows Multiple UNC Provider Driver Information Disclosure Vulnerability Important 4 No No Info CVE-2025-29835 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-26677 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-30394 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Important 5.9 No No DoS CVE-2025-29831 Windows Remote Desktop Services Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2025-29830 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-29832 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-29836 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-29958 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-29959 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-29960 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-29961 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-29956 Windows SMB Information Disclosure Vulnerability Important 5.4 No No Info CVE-2025-29829 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-4096 * Chromium: CVE-2025-4096 Heap buffer overflow in HTML High N/A No No RCE CVE-2025-4050 * Chromium: CVE-2025-4050 Out of bounds memory access in DevTools Medium N/A No No Info CVE-2025-4051 * Chromium: CVE-2025-4051 Insufficient data validation in DevTools Medium N/A No No RCE CVE-2025-4372 * Chromium: CVE-2025-4372 Use after free in WebAudio Medium N/A No No RCE CVE-2025-4052 * Chromium: CVE-2025-4052 Inappropriate implementation in DevTools Low N/A No No RCE

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.

† Indicates further administrative actions are required to fully address the vulnerability.

 

Moving on to the Critical-rated patches, the two that jump out are the bug in Office that could lead to code execution. These types of bugs are usually open-and-own, but in this case the Preview Pane is listed as an attack vector. Unlike last month, there’s no user interaction required here, so simply receiving a specially crafted file in the Preview Pane would allow for code execution. There are some scary looking bugs in Azure, including a CVSS 10(!), but these bugs have already been mitigated by Microsoft, so there’s no further action to take. That’s also true of the Dataverse and Power Apps bugs. There’s a Critical-rated information disclosure bug in Nuance PowerScribe, which is an app for radiology reporting that could allow an attacker to gain PII. There are a couple of bugs in Remote Desktop Client, but they rely on a user connecting to a malicious RDP server. The bug in Virtual Machine Bus (VMBus) requires authentication.

Turning our attention to the other code execution bugs, we see a plethora of Office-related bugs, including nine for Excel alone. Fortunately, these are only the open-and-own variety, and the Preview Pane is not an attack vector. Beyond that, there’s a command injection bug in Visual Studio. Microsoft notes this bug is publicly known, but not under active attack. There’s a bug in Remote Desktop Services that at first glance sounds scary. An unauthenticated user can gain code execution by sending specially crafted packets. However, exploitation requires the admin to stop or restart the service. The final code execution bugs getting fixes this month all impact SharePoint. There are three deserialization bugs getting fixed. SharePoint is a popular target in Pwn2Own. We’ll see if these fixes knocked out any entries.

In addition to the two Critical-rated elevation of privilege (EoP) bugs already discussed, there are 16 others in this release. The majority of these simply either lead to SYSTEM-level code execution or administrative privileges if an authenticated user runs specially crafted code. There are some notable exceptions. The bug in Document Intelligence Studio On-Prem clocks in at a CVSS 9.8 and allows an attacker to download the content of the parent folder of the mounted path. The bugs in Universal Print Management and Windows CLFS allow for a file deletion, which, as we’ve seen, could then be turned into a privilege escalation. Lastly, the bug in Azure File Sync will take some work to fully resolve. If you need to take extra actions, you should have been notified through Azure Service Health Alerts under TrackingID: 4K2C-9_Z. If you haven’t received this alert, you aren’t affected and don’t need to take action.

There are two security feature bypass (SFB) patches in this month’s release. The first addresses a bug in URLMon that could allow an attacker to bypass the Office Protected View. This result in someone opening a file in editing mode rather than protected mode – a handy thing to have if you want to spread ransomware through phishing. The other SFB is in Visual Studio and could allow the bypass of the Trusted Domain Service

Looking at the information disclosure bugs in the May release, there are a handful. However, all of them merely result in info leaks consisting of unspecified memory contents. This is useful info to have when exploiting components on a system, but otherwise not quite riveting.

The May release include two fixes for spoofing bugs. The first is in Defender for Identity and could be reached by an adjacent attacker. Microsoft doesn’t specify what type of spoofing occurs, but given the name of the component, one would think an attacker could spoof someone’s identity. Microsoft also notes this bug was publicly disclosed prior to the patch release. The other spoofing bug is in .NET and Visual Studio. Authentication is required for this to be exploited, but it could allow a standard user to place a malicious file on a system then wait for the privileged victim to run the calling command.

There are seven lucky Denial-of-Service (DoS) bugs getting patches this month. However, Microsoft provides no actionable information about these bugs. Instead, they simply state that an attacker could deny service over a network (or locally) to that component.

No new advisories are being released this month.

Looking Ahead

The next Patch Tuesday of 2025 will be on June 10. Assuming I survive the next few days, I’ll be back with my analysis and thoughts about the release. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

In this excerpt of a Trend Vulnerability Research Service vulnerability report, Nikolai Skliarenko and Yazhi Wang of the Trend™ Research Team detail a recently patched code execution vulnerability in the Apple macOS operating system. This bug was originally discovered by Hossein Lotfi of the Trend™  Zero Day Initiative. Successful exploitation could result in arbitrary code execution on the target machine in the context of the running process. The following is a portion of their write-up covering CVE-2024-44236, with a few minimal modifications.

An out-of-bounds write vulnerability has been reported in macOS. The vulnerability is due to the lack of proper validation of “lutAToBType” and “lutBToAType” tag types.

A remote attacker could exploit this vulnerability by enticing a victim to open a crafted file. A successful attack may result in code execution on the victim's machine in the context of the running process.

The Vulnerability

The Scriptable Image Processing System (sips) is a terminal utility included in macOS that allows a user to verify, edit, and print out information about ICC Profile files and images.

An ICC (International Color Consortium) Profile is a set of data that characterizes a color input or output device, or a color space, according to the standards by ICC. Every device that captures or displays color can have its own profile.

An ICC Profile file consists of a Header, Tag Table, and tagged element data:

The Header has the following format:

The Tag Table consists of a number of Individual Tag Structures in the following format:

The tagged element data is located after the Tag Table. Each data structure starts with a 4-byte signature, which is followed by a tag type-specific data. The two tag types relevant to the vulnerability are lutAToBType and lutBToAType. Both of those types use a similar format for storing the data:

The offsets are relative to the beginning of the tagged element data. Signature "\x6d\x42\x41\x20" is used for lutBToAType, and signature "\x6d\x41\x42\x20" is used for lutAToBType.

The function sub_1000194D0() handles those structures. The first 16 bytes starting from the value of the "Offset to CLUT" field are checked. If the index of the byte is bigger than the value of the "Number of input channels" field, and the value of the said byte is not a null, it will be changed to zero. Due to the insufficient validation of the "Offset to CLUT" field value, it is possible to set an offset equal to the total length of the tagged element data. That would cause the function to read and possibly modify memory up to 16 bytes past the end of the heap-allocated buffer.

A remote attacker could exploit this vulnerability by crafting a malicious ICC Profile file and enticing the victim to process it using a vulnerable version of sips tools. Successful exploitation could result in the execution of arbitrary code in the security context of the target user.

Source Code Walkthrough

The following code snippet was taken from sips version sips-307 for macOS 15.0.1. Comments added by Trend Research have been highlighted.

In sub_1000194D0():

Detection Guidance

To detect an attack exploiting this vulnerability, the detection device must monitor and parse traffic on the ports that can be used to deliver an attack that exploits this vulnerability. These include the following ports and services:

•            FTP, over ports 20/TCP, 21/TCP
•            HTTP, over port 80/TCP
•            HTTPS, over port 443/TCP
•            IMAP, over port 143/TCP
•            NFS, over ports 2049/TCP, 2049/UDP, 111/TCP, 111/UDP
•            POP3, over port 110/TCP
•            SMB/CIFS, over ports 139/TCP, 445/TCP
•            SMTP, over port 25/TCP

The detection device must monitor for transfer of ICC Profile files. If such a file transfer is found, the detection device must inspect its contents.

The detection device should verify that the Profile signature field in the Header is equal to the following byte string "\x61\x63\x73\x70". If found, the detection device should get the Count of tags value and compute the size of the Tag Table. After doing that, the Individual Tag Structures from the Tag Table must be processed. For each structure, the tagged element data located at the Offset to tag data from the beginning of the file must be inspected. If the data starts with "\x6d\x42\x41\x20" or "\x6d\x41\x42\x20", the value of the Offset to CLUT field must be checked. If it's equal to the Tag data size field from the corresponding Individual Tag Structure, the traffic should be considered suspicious; an attack exploiting this vulnerability is likely underway.

Notes:

•   All integers in the described structures are in the big-endian format 

Conclusion

This vulnerability was patched by the vendor in October. To date, no attacks have been detected in the wild. Apple does not provide any mitigations for this bug, so it is recommended to apply the vendor patch to completely address this issue.

Special thanks to Nikolai Skliarenko and Yazhi Wang of the Trend Research Team for providing such a thorough analysis of this vulnerability. For an overview of Trend Research services, please visit http://go.trendmicro.com/tis/.

The threat research team will be back with other great vulnerability analysis reports in the future. Until then, follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.

It’s the second Tuesday of the month, and, as expected, Microsoft and Adobe have released their latest security offerings – all tariff free. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:

Adobe Patches for April 2025

For April, Adobe released 12 bulletins addressing 54 CVEs in Adobe Cold Fusion, After Effects, Media Encoder, Bridge, Commerce, AEM Forms, Premiere Pro, Photoshop, Animate, AEM Screens, FrameMaker, and the Adobe XMP Toolkit SDK. Adobe lists the update for Cold Fusion as Priority 1 but states there are no exploits in the wild for the bugs being patched. The patch for AEM Forms is set to Priority 2. These aren’t new CVEs; just updates to dependencies. The patch for Commerce is also marked as Priority 2, although the CVEs being addressed are Important and Moderate. Still, the security bypasses shouldn’t be ignored. All of the other patches from Adobe are listed as Priority 3.

The patch for After Effects fixes seven bugs, two of which are Critical code execution flaws. The fix for Media Encoder corrects two code execution bugs. There’s just a single Critical fix in the Bridge update. That’s the same for the patches for Premiere Pro and Photoshop. The patch for Animate addresses two Critical and two Important bugs. The AEM Screens patch fixes a single cross-site scripting (XSS) bug. The update for FrameMaker fixes 10 CVEs, including several code execution bugs. Finally, the patch for the Adobe XMP Toolkit SDK fixes five different Out-of-Bounds (OOB) Read memory leaks.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. 

Microsoft Patches for April 2025

This month, Microsoft released a whopping 124 new CVEs in Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, BitLocker, Kerberos, Windows Hello, OpenSSH, and Windows Lightweight Directory Access Protocol (LDAP). One of these bugs was reported through the Trend ZDI program. With the additional third-party CVEs being documented, it brings the combined total to 134 CVEs.

Of the patches released today, 11 are rated Critical, two are rated Low, and the rest are rated Important in severity. The April release tends to be heavier, and this level of output doesn’t disappoint. It’s a small comfort that only one of these bugs is listed as publicly known or under active attack at the time of release.

Let’s take a closer look at some of the more interesting updates for this month, starting with the vulnerability currently being exploited in the wild:

-   CVE-2025-29824 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
This privilege escalation bug is listed as under active attack and allows a threat actor to execute their code with SYSTEM privileges. These types of bugs are often paired with code execution bugs to take over a system. Microsoft gives no indication of how widespread these attacks are. Regardless, test and deploy this update quickly.

-   CVE-2025-26663/CVE-2025-26670 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
These bugs allow a remote, unauthenticated attacker to execute their code on affected systems just by sending a specially crafted LDAP message. They would need to win a race condition, but we’ve seen plenty of exploits work around this requirement. Since just about everything can host an LDAP service, there’s a plethora of targets out there. And since no user interaction is involved, these bugs are wormable. LDAP really shouldn’t be allowed through your network perimeter, but don’t rely on that alone. Test and deploy these updates quickly – unless you’re running Windows 10. Those patches aren’t available yet.

-  CVE-2025-27480/CVE-2025-27482 - Windows Remote Desktop Services Remote Code Execution Vulnerability
Here are some more Critical-rated bugs that don’t rely on user interaction. An attacker just needs to connect to an affected system with the Remote Desktop Gateway role to trigger another race condition, resulting in code execution. RDS is popular for remote management, so it is often reachable from the Internet. If you must leave it open to the world, consider IP restricting it to known users, then test and deploy these patches.

-  CVE-2025-29809 - Windows Kerberos Security Feature Bypass Vulnerability
There are several security feature bypass (SFB) bugs in this release, but this one stands out above the others. A local attacker could abuse this vulnerability to leak Kerberos credentials. And you may need to take actions beyond just patching. If you rely on Virtualization-Based Security (VBS), you’ll need to read this document and then redeploy with the updated policy.

Here’s the full list of CVEs released by Microsoft for April 2025:

CVE Title Severity CVSS Public Exploited Type CVE-2025-29824 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No Yes EoP CVE-2025-26670 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2025-27752 Microsoft Excel Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2025-29791 Microsoft Excel Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2025-27745 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2025-27748 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2025-27749 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2025-27491 Windows Hyper-V Remote Code Execution Vulnerability Critical 7.1 No No RCE CVE-2025-26663 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2025-27480 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2025-27482 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2025-26686 Windows TCP/IP Remote Code Execution Vulnerability Critical 7.5 No No RCE CVE-2025-27740 Active Directory Certificate Services Elevation of Privilege Vulnerability Important 8.8 No No EoP CVE-2025-29810 Active Directory Domain Services Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2025-26682 ASP.NET Core and Visual Studio Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-25002 Azure Local Cluster Information Disclosure Vulnerability Important 6.8 No No Info CVE-2025-26628 Azure Local Cluster Information Disclosure Vulnerability Important 7.3 No No Info CVE-2025-27489 Azure Local Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-26637 BitLocker Security Feature Bypass Vulnerability Important 6.8 No No SFB CVE-2025-29812 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-27473 HTTP.sys Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-27479 Kerberos Key Distribution Proxy Service Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-29800 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-29801 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-24060 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-24062 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-24073 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-24074 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-29821 Microsoft Dynamics Business Central Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-29815 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 7.6 No No RCE CVE-2025-27750 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-27751 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-29823 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-26641 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-27744 Microsoft Office Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-29792 Microsoft Office Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-26642 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-27746 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-29822 Microsoft OneNote Security Feature Bypass Vulnerability Important 7.8 No No SFB CVE-2025-27731 Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-29793 Microsoft SharePoint Remote Code Execution Vulnerability Important 7.2 No No RCE CVE-2025-29794 Microsoft SharePoint Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-27471 Microsoft Streaming Service Denial of Service Vulnerability Important 5.9 No No DoS CVE-2025-27743 † Microsoft System Center Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-26688 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-27747 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-29820 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-29816 Microsoft Word Security Feature Bypass Vulnerability Important 7.5 No No SFB CVE-2025-27483 NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-27733 NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-27741 NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-27742 NTFS Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-29805 Outlook for Android Information Disclosure Vulnerability Important 7.5 No No Info CVE-2025-27487 Remote Desktop Client Remote Code Execution Vulnerability Important 8 No No RCE CVE-2025-26679 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-20570 Visual Studio Code Elevation of Privilege Vulnerability Important 6.8 No No EoP CVE-2025-29802 Visual Studio Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-29804 Visual Studio Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-29803 Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-26681 Win32k Elevation of Privilege Vulnerability Important 6.7 No No EoP CVE-2025-26687 Win32k Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2025-29819 Windows Admin Center in Azure Portal Information Disclosure Vulnerability Important 6.2 No No Info CVE-2025-27490 Windows Bluetooth Service Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-29808 Windows Cryptographic Services Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-26678 Windows Defender Application Control Security Feature Bypass Vulnerability Important 8.4 No No SFB CVE-2025-26640 Windows Digital Media Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-27467 Windows Digital Media Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-27476 Windows Digital Media Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-27730 Windows Digital Media Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-24058 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-27732 Windows Graphics Component Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-26635 Windows Hello Security Feature Bypass Vulnerability Important 6.5 No No SFB CVE-2025-26644 Windows Hello Spoofing Vulnerability Important 6.2 No No Spoofing CVE-2025-27727 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-26647 Windows Kerberos Elevation of Privilege Vulnerability Important 8.1 No No EoP CVE-2025-29809 † Windows Kerberos Security Feature Bypass Vulnerability Important 7.1 No No SFB CVE-2025-26648 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-27739 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-27728 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-26673 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-27469 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-21191 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-27478 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-26651 Windows Local Session Manager (LSM) Denial of Service Vulnerability Important 6.5 No No DoS CVE-2025-27472 Windows Mark of the Web Security Feature Bypass Vulnerability Important 5.4 No No SFB CVE-2025-26666 Windows Media Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-26674 Windows Media Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-29811 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-21197 Windows NTFS Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-27736 Windows Power Dependency Coordinator Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-21204 Windows Process Activation Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-26671 Windows Remote Desktop Services Remote Code Execution Vulnerability Important 8.1 No No RCE CVE-2025-27738 Windows Resilient File System (ReFS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-21203 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-26664 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-26667 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No RCE CVE-2025-26669 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 8.8 No No Info CVE-2025-26672 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-26676 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-27474 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 No No Info CVE-2025-26668 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2025-26649 Windows Secure Channel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-27492 Windows Secure Channel Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-27737 Windows Security Zone Mapping Security Feature Bypass Vulnerability Important 8.6 No No SFB CVE-2025-27729 Windows Shell Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-21174 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-26652 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-26680 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-27470 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-27485 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-27486 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-26675 Windows Subsystem for Linux Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-21205 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21221 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21222 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-27477 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-27481 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-27484 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability Important 7.5 No No EoP CVE-2025-27475 Windows Update Stack Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-26665 Windows upnphost.dll Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-26639 Windows USB Print Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-27735 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability Important 6 No No SFB CVE-2025-25001 Microsoft Edge for iOS Spoofing Vulnerability Low 4.3 No No Spoofing CVE-2025-29796 Microsoft Edge for iOS Spoofing Vulnerability Low 4.7 No No Spoofing CVE-2025-3066 * Chromium: CVE-2025-3066 Use after free in Navigations High N/A No No RCE CVE-2025-3067 * Chromium: CVE-2025-3067 Inappropriate implementation in Custom Tabs Medium N/A No No N/A CVE-2025-3068 * Chromium: CVE-2025-3068 Inappropriate implementation in Intents Medium N/A No No N/A CVE-2025-3069 * Chromium: CVE-2025-3069 Inappropriate implementation in Extensions Medium N/A No No N/A CVE-2025-3070 * Chromium: CVE-2025-3070 Insufficient validation of untrusted input in Extensions Medium N/A No No N/A CVE-2025-3071 * Chromium: CVE-2025-3071 Inappropriate implementation in Navigations Low N/A No No N/A CVE-2025-3072 * Chromium: CVE-2025-3072 Inappropriate implementation in Custom Tabs Low N/A No No N/A CVE-2025-3073 * Chromium: CVE-2025-3073 Inappropriate implementation in Autofill Low N/A No No N/A CVE-2025-3074 * Chromium: CVE-2025-3074 Inappropriate implementation in Downloads Low N/A No No N/A

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.

† Indicates further administrative actions are required to fully address the vulnerability.

Looking at the other Critical-rated patches, there are several impacting Office and Excel. For all of these bugs, the Preview Pane is an attack vector, but Microsoft lists that user interaction is required. I’m not sure how to reconcile that other than to think maybe a user needs to manually preview an attachment from the Preview Pane. And Mac users are out of luck because the updates for Microsoft Office LTSC for Mac 2021 and 2024 are not available yet. There’s a Critical-rated Hyper-V bug, but it relies on authentication and social engineering, so it’s unlikely to be exploited in the wild. The final Critical bug is for TCP/IP and sounds intriguing. It centers around DHCPv6. An attacker could send a crafted response to a legitimate DHCPv6 request to execute code on the target system. That would usually require a Machine-in-the-Middle (MitM) type of attack. I would love to know how a crafted response leads to code execution. Hopefully, the researcher who reported this to Microsoft will publish their findings now that the bug is patched.

Moving on to the other code execution bugs, there are additional open-and-own bugs in Office components, but these do not have a Preview Pane vector. There’s also this month’s crop of RRAS and Telephony Service bugs. These seem to be a staple of every release now. There’s a bug in the RDP client, but it requires someone to connect to a malicious server. There are two bugs in SharePoint that confuse me. Both say that “Site Owner” permissions are required for exploitation, but one lists this as Low privilege while the other lists it as High. This lack of consistency from Microsoft is frustrating. Speaking of inconsistencies, there’s another RDS Gateway bug identical to the two already documented above. However, this one is rated Important instead of Critical. Same description. Same CVSS score. Even the same researcher. ¯\_(ツ)_/¯

There are nearly 50 privilege escalation bugs in this month’s release, and most of these simply either lead to SYSTEM-level code execution or administrative privileges if an authenticated user runs specially crafted code (or ROOT in the case of Microsoft AutoUpdate for Mac). As always, there are some notable exceptions. The bug in Azure could allow the loading of DLLs into an enclave, which could then be used for code execution within that enclave. The bugs in Visual Studio could allow an attacker to escalate to a targeted user’s level. The bugs in Digital Media could allow for escalating code to run at Medium integrity. One of the bugs in the kernel could allow for an escalation to Secure Kernel. This is a newer feature, and if I’m not mistaken, this is the first bug of its kind. The bug in Kerberos is interesting as it allows an attacker to gain additional privileges from the Key Distribution Center. However, there are quite a few extra steps involved, including having a MitM. The final EoP this month is in System Center, however, there is no patch available as no existing System Center deployments are impacted. In the spirit of consistency, Microsoft also notes that only customers who re-use existing System Center installer files to deploy new instances in their environment are affected by this vulnerability – so maybe some versions are impacted. Instead of a patch, Microsoft recommends users delete the existing installer setup files (.exe) and then download the latest version of their System Center product. You can find the links in the bulletin.

In addition to the one SFB already discussed, there are eight additional patches for security feature bypasses. Mostly, you can tell what’s being bypassed in the title. The BitLocker bugs bypass Bitlocker. The Hello bug bypasses Hello. The bug in Mark of the Web (MotW) bypasses MotW defenses. The bug in Security Zone Mapping allows content to be treated as if it were in a different zone. The bug in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. The bugs in OneNote and Word allow for the opening of files that should otherwise be blocked. Again, Mac users will have to wait for their patches. Finally, the bug in Defender would allow applications to run that would otherwise be blocked.

Looking at the information disclosure bugs in the April release, a few of these merely result in info leaks consisting of unspecified memory contents. There are also some that lead to the disclosure of the ever-nebulous “sensitive information.” The bugs in Azure Local Cluster could allow the disclosure of device information such as a token, credentials, resource IDs, SAS tokens, user properties, and other sensitive information. The bug in Dynamics Business Central could allow an attacker to recover cleartext passwords from memory. The bug in NTFS allows an authenticated attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. That is also the case for the bug in ReFS. The vulnerability in Admin Center in Azure could allow unauthorized read-only access to the local file system. The final info disclosure bug for April resides in Outlook for Android. If exploited, it could allow an attacker to read targeted e-mails.

Moving on to the 14 Denial-of-Service (DoS) bugs getting patches this month, many simply state that an attacker could deny service over a network to that component. Again, there’s no indication if that’s temporary or a permanent DoS. Does the system blue screen? Is a reboot needed? Does the service recover if the attack stops? I suppose we’ll never know.

Finally, there are three spoofing bugs receiving patches this month, and two of these are rated Low in severity. The bugs in Edge for iOS can be used to trick users into clicking something they thought was safe. One also requires that multiple instances of the browser be opened, which sounds unlikely. The Important-rate bug in Windows Hello just states unauthorized attackers could perform spoofing locally, but Microsoft provides no details on what sort of spoofing.

No new advisories are being released this month.

Looking Ahead

The next Patch Tuesday of 2025 will be on May 13. I’ll be in Germany setting up for Pwn2Own Berlin, but I’ll return with my analysis and thoughts about the release. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

Use-after-free is a memory corruption condition where a program references memory after it has been released back to the allocator. Statically detecting these bugs can be challenging. In the past, several approaches have addressed this problem, such as GUEB by Josselin Feist and Sean Heelan's work on Finding use-after-free bugs with static analysis.

This blog post explores the usage of Binary Ninja’s Medium Level Intermediate Language (MLIL) to establish a data flow graph by tracing interactions between a specific memory allocation and other memory regions. Building on the data flow graph, it is further utilized in context-insensitive reachability analysis across functions to identify potential Use-After-Free (UAF) vulnerabilities in binaries. Like any other static code analysis approach, this one also has classification errors. While acknowledging the classification errors inherent to static code analysis, we highlight primitives that may also be adaptable for modeling other types of vulnerabilities.

For readers interested in Binary Ninja APIs, refer to our earlier blog post, which comprehensively explains using Binary Ninja Intermediate Languages (ILs) and Static Single Assignment (SSA) form.

Building a Data Flow Graph of Memory Allocation

In this context, data refers to the pointer associated with a specific memory allocation that is the subject of tracking and analysis. The data flow information is visualized as a graph, where:

•    Nodes represent different memory regions.
•    Edges represent pointer store operations that establish relationships or interactions between these regions.

In this implementation, four distinct types of nodes are utilized to construct the data flow graph, each serving a specific purpose:

Tracked Allocation Node (Red): Represents a memory allocation of interest, and acts as the focal point for tracking interactions across the graph.

Function Stack Frame Nodes (Green): Represent the stack frames of individual functions visited during inter-procedural analysis.

Dynamic Memory Nodes (Blue): Represent Static Single Assignment (SSA) variables that cannot be tied to a specific source. These could include dynamically allocated memory or arguments passed to functions for which we lack insights within the scope of the function.

Global Memory Nodes (Black): Global variables across functions are not comprehensively tracked. However, these nodes help analyze interactions within a single function.

The edges in the graph represent pointer store operations, establishing connections between memory allocations. The source node corresponds to the memory being written to and the destination node represents the pointer value being stored. The edge attributes capture the offsets from allocation base addresses. The “write” attribute indicates the offset from the base of an allocation (source node) where the pointer is written to, and the “points” attribute indicates the offset within an allocation (destination node) that the written pointer value points to. New edges are created for every unique value of “write” or “points” attribute. Write operations to stack memory are represented using absolute values from the base of the stack as represented by Binary Ninja and hence will have negative offsets for most of the architectures. When “write” or “points” attribute is 0, it means base of an allocation. Edges are additionally created during unresolved memory load operations, assuming that the relevant memory store occurred outside the function scope. This graphical representation helps understand how memory regions interact. Below is a section of a sample graph generated during analysis of OpenSLP, providing better clarity on the details described:

Figure 1 - Section of Data Graph

Mapping Relationships Between SSA Variables, Graph Nodes, and Edges

Now that we have an understanding of our graph structure, let's explore how SSA variables are mapped to the nodes in the data flow graph. In our automated analysis, the first SSA variable to be tracked is the one assigned the return value of an allocator call, such as malloc() or calloc(). Furthermore, a Binary Ninja GUI interface could be developed to enable users to mark arbitrary variables for tracking and include them in further analysis. Once we identify the SSA variable of interest, we can leverage the definition-use chain to traverse all its uses within the function. Binary Ninja provides the get_ssa_var_definition() and get_ssa_var_uses() APIs to retrieve a variable's definition site and its uses, respectively. Consider the below C code and Binary Ninja’s MLIL SSA representation of the same:

Here, the return value of call to malloc() is written to SSA variable rax#1 and the further usage of rax#1 in the function can be fetched using get_ssa_var_uses() API:

A variable points to a node, and in this context, rax#1 points to the Tracked Allocation Node (Red). When rax#1 is assigned to var_10#1, this information is propagated to var_10#1 and subsequently to any further assignments. When a variable assignment involves pointer arithmetic, a piece of offset information is stored in addition to the node. In this case, the offset is 0 because all the variables point to the base of the Tracked Allocation Node.

The ptr variable in the function stack is represented by the SSA variable var_10#1, which stores the pointer to the allocated memory. The offset for this variable can be extracted and represented as an edge in the graph. In essence, two data structures are constructed: a dictionary that maps SSA variables to nodes and a graph that connects various memory regions, represented as nodes. Since SSA variables are associated with their specific functions, they can be uniquely identified across functions during inter-procedural analysis.

Figure 2 - Connection Between Tracked Allocation Node (Red) and Stack Frame Node (Green)

The following code snippet demonstrates the creation of a Tracked Allocation Node (Red node) and the initialization of the SSA variable dictionary, which contains information about the SSA variable and the node it references:

Let's examine another example of code and its MLIL translation to understand the process of creating a Dynamic Memory Node (Blue).

Within the function scope, there is no information about the location recptr points to. When recptr->link is initialized with the return value of a call to malloc(), a Dynamic Memory Node is created with an edge to the Tracked Allocation Node. This corresponds to the MLIL instruction 0000118a [rax_1#2 + 8].q = rdx#1 @ mem#1 -> mem#2 (MLIL_STORE_SSA), where the edge attribute contains the offset information. The variable rax_1#2 can be tracked back to arg1#0 using the SSA use-def chain.

Figure 3 - Connection Between Tracked Allocation Node (Red) and Dynamic Memory Node (Blue)

Essentially, whenever memory store operations such as MLIL_SET_VAR_SSA, MLIL_STORE_SSA, or MLIL_STORE_STRUCT_SSA are encountered, edges are created in the graph. In Binary Ninja’s MLIL SSA form, MLIL_SET_VAR_SSA is not strictly a memory store operation since stack writes are translated to SSA variables. However, the variables still retain offset information, which can be used to construct the data flow graph.

Translating Memory Loads to Graph Edges

While memory store operations are translated into graph edges, as previously discussed, load operations from memory outside the function scope are also represented as graph edges. Consider the following example:

Within the function scope, there is no specific information about recptr. However, when the pointer returned by malloc() is written to recptr_new->link, this memory is traced back to the argument passed, i.e., recptr (arg1#0), using the SSA use-def chain. The memory load operation recptr->link is translated to 0000117d rax_1#2 = [rax#1 + 8].q @ mem#0 in the MLIL SSA representation. This load operation is represented as an edge between arg1#0 and rax_1#2. The underlying assumption here is that if the memory is being loaded, it must have been initialized beforehand. Memory store, assignment, and load operations serve as the fundamental building blocks of the data flow graph.

Figure 4. Data Flow Graph Developed from Memory Store and Load Operations

Traversing the Data Flow Graph to Propagate Information

Now that we understand how variables are initialized as mappings to nodes in the graph and how memory accesses are translated to edges, the next question is: how is this information propagated when traversing instructions in the SSA def-use chain? The answer lies in the SSA variable dictionary and the graph that we initialized previously.

        -- A direct variable assignment is straightforward. The value of the source variable is assigned to the destination variable. Consider an expression like rax#0 = rbx#0. Here rax#0 is assigned with the value of rbx#0 from the SSA variable dictionary.

        -- For a variable assignment where pointer arithmetic is involved, offset information is stored in addition to the node. Consider an expression like rax#0 = rbx#0 + 0x10. Here rax#0 is assigned with the node pointed to by source variable rbx#0 and holds the offset value to the node, which is 0x10.

        -- For a variable assignment where pointer arithmetic is involved, the node information from the source variable is directly assigned to the destination variable, just as in the case of direct assignment. However, in this situation, the offset information is updated to reflect the pointer arithmetic operation. Consider an expression like rax#0 = rbx#0 + 0x10. Here rax#0 is assigned with the node pointed to by source variable rbx#0 but the offset value is set to 16.

        -- A variable assignment where data is loaded from memory like rax_1#2 = [rax#1 + 8].q, the edges of the graph are visited to fetch the target node pointed to by the source variable. To detail further, the node and the offset associated with rax#1 (base variable) is fetched from the SSA variable dictionary. Then the final offset is computed as the sum of “offset” fetched from SSA variable dictionary and the offset from the load instruction. Once the node and the computed offset are available, we find the edge which has the “write” offset equal to that of the computed offset by walking through all the edges of the node. The destination node and “points” offset associated with this edge are assigned to rax_1#2. Essentially, we resolve a memory load operation to node and offset values, which can be used to update the SSA variable dictionary. Below is the code snippet to demonstrate this:

Callees are visited after all the instructions in a def-use chain of the calling function have been processed. A callee is considered for further analysis only if any arguments passed to the function have mappings in the SSA variable dictionary. Recursion is managed by monitoring the call stack for repeated calls to the same function and terminating the analysis after a predefined number of iterations.

In cases where stack memory is passed as an argument, the callee is also analyzed if the stack offset passed is less than the write offset value of any edges associated with the respective Function Stack Frame Nodes (Green). This consideration ensures that even if a structure element is initialized within a function and the base of the structure is passed to the callee (with the stack growing downwards and using negative offsets), the analysis accounts for it appropriately.

Once the instructions in the SSA def-use chains of both the caller and callees have been traversed, the data flow graph generation is considered complete, with all variable information fully populated for further analysis.

Logging Instructions Linked to Tracked Allocation

After completing the SSA variable mapping and generating the data flow graph, the instructions are revisited. All memory loads, memory stores, or call instructions dependent on the Tracked Allocation Node are recorded, along with the statically generated call stack. These are considered as "Use". Additionally, call instructions involving deallocator functions are logged and considered as "Free". Below is a sample code snippet for handling MLIL_STORE_SSA instruction:

Inter-Procedural Analysis for Use-After-Free Detection via Call Stack

Once the logging is done, detecting potential use-after-free bugs involves analyzing all basic blocks categorized as "Free" and verifying if any paths lead to basic blocks categorized as "Use". If such a path exists, it is flagged as a potential use-after-free condition. Since double-free bugs are related to use-after-free, the analysis also examines whether a path exists from one "Free" block to another "Free" block. If such a path is detected, it is flagged and logged as a potential double-free condition.

In forward data flow analysis, there is at least one common function in the call stack leading to "Free" and the call stack leading to "Use." For example, consider a scenario where function A allocates memory, passes it to function B for use, which propagates it further to function C, where it gets freed. The instructions using the allocation in B have a call stack of A leading to B, while the call stack for function C includes A leading to B and B leading to C. The last common function in these two call stacks is B.

The analysis conducted here is not context-sensitive and focuses solely on reachability. Therefore, instead of identifying a direct path between the basic block in C that frees the memory and the instructions in B that use the memory, the analysis checks for a path within the last common function, i.e., between the basic block in B that calls function C and the basic blocks in B that use the memory. This approach allows for inter-procedural analysis while limiting the pathfinding to the last common function, improving efficiency and scope control. Otherwise, one may have to inline multiple functions into a single graph to perform reachability analysis.

Additionally, loops require special attention to minimize false positives. In loops, backward edges can connect basic blocks following a deallocation to those preceding an allocation. Therefore, instructions executed after an allocation but before a deallocation can still appear reachable in the graph, potentially being misidentified as use-after-free. To mitigate this, all incoming edges to the basic block that invokes the allocator function are removed in the control flow graph. This effectively disconnects statements that would otherwise appear reachable within the loop, reducing the false positive results.

Automated Detection of Allocator and Deallocator Calls

While it is ideal to use allocator and deallocator wrappers specific to the program as input for this analysis, manually identifying them can be challenging. An easier starting point is to input standard functions like malloc(), realloc(), and free(), examine the outcomes, and progressively refine the analysis based on the results. By cross-referencing allocator functions like malloc() and leveraging def-use chains, we can determine if the pointer returned by an allocator function is subsequently returned by the caller. If so, the caller is likely a wrapper around the allocator. For finding deallocator functions, the approach is similar to the one mentioned as “Function aliases” by Sean Heelan. Binary Ninja’s dataflow analysis can be used to verify whether any of the caller's function parameters are directly passed to a deallocator such as free(). This can be identified by checking if the parameter’s value type is RegisterValueType.EntryValue. If this condition is met, it indicates a potential wrapper around the deallocator function.

Using a JSON file with minimal allocator details, numerous functions involved in allocating and deallocating data structures were identified in OpenSLP. These discovered functions can be incorporated into the JSON file for further analysis. Currently, the "arg" key holds no significance in the implementation.

Since we perform forward data flow analysis, which involves visiting the functions that invoke the allocator call as well as the callees of those functions, identifying these wrappers allows us to shift the starting point of our analysis. Simply put, instead of beginning our analysis inside SLPMessageAlloc(), where forward data flow analysis has limited scope because it calls calloc() without further interactions, we can focus on analyzing all the functions that call SLPMessageAlloc(). This approach broadens the scope and provides better insights into the data flow.

Analyzing Real-World Vulnerabilities from the Past

To understand how the tool works, let's test it on some known vulnerable programs. Since GUEB already provides a list of identified vulnerabilities, I chose to use them as examples here.

CVE-2015-5221: JasPer JPEG-2000

There is a use-after-free/double-free vulnerability in mif_process_cmpt() as seen in RedHat Bugzilla.

By tracking the allocation and deallocation APIs, jas_tvparser_create() and jas_tvparser_destroy() respectively, the following results are observed:

In this case, mif_process_cmpt() is inlined into mif_hdr_get(), and the results are displayed accordingly.

CVE-2016-3177: Giflib

Here is a double-free vulnerability in gifcolor - #83 Use-after-free / Double-Free in gifcolor

In this case, the allocation and deallocation APIs used were EGifOpenFileHandle() and EGifCloseFile(), respectively, and the results are as follows:

GNOME-Nettool

This use-after-free vulnerability in get_nic_information() - Bug 753184. For this analysis, g_malloc0() and free() pair is tracked:

Figure 5. UAF in get_nic_information

CVE-2015-5177: OpenSLP

This double-free issue in SLPDProcessMessage() #1251064 demonstrates a different scenario compared to the previous bugs. The earlier cases involved allocation, free, and use within the same function. However, in this double-free case, we observe the effectiveness of inter-analysis. This highlights how bugs spanning multiple functions can be detected, providing a broader scope of analysis for complex code paths.

Pointers to memory allocated by SLPMessageAlloc() in SLPDProcessMessage() and SLPBufferAlloc() are passed to ProcessDAAdvert() when the message ID is set to SLP_FUNCT_DAADVERT. Within ProcessDAAdvert(), these pointers are further passed to SLPDKnownDAAdd(). If an error occurs in SLPDKnownDAAdd(), the buffers are freed using SLPMessageFree() and SLPBufferFree(), and a non-zero error code is returned to SLPDProcessMessage(). Subsequently, when SLPDProcessMessage() detects the non-zero error code, it attempts to free the same buffers again, resulting in a double-free condition. The upstream fix for this issue is found here - fix double free if SLPDKnownDAAdd() fails:

Interestingly, two double-free issues are reported due to SLPMessageFree(), even though SLPDKnownDAAdd() frees these pointers only once in the code. This discrepancy occurs because the compiler, for optimization purposes, generates multiple basic blocks for the same target of a goto statement. This leads to multiple results being reported. Our implementation does not track the buffer allocated through SLPBufferAlloc() because the pointers are passed across functions via global memory, which is not currently within the scope of our tracking.

Currently, the logging is very primitive. Every instruction classified as potential UAF condition is logged individually. Readability could be improved significantly by instead grouping the instructions by basic block or by function.

Conclusion

I hope you have enjoyed this look at using Binary Ninja to find use-after-free vulnerabilities through data flow analysis and graph reachability. The source code for the project can be found here - uafninja. If you find any vulnerabilities using these methods, consider submitting it to our bounty program.

Until then, you can find me on Twitter at @RenoRobertr, and follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.

Acknowledgments and References

•     Various blog posts from Trail of Bits on Binary Ninja
•     Josh Watson for various projects using Binary Ninja. The visitor class implementation is based on emilator
•    Jordan for all the code snippets and the Binary Ninja slack community for answering various questions
•    GUEB Static analyzer by Josselin Feist
•    Sean Heelan's work on Finding use-after-free bugs with static analysis.

Researching and reverse engineering Level 2 Electric Vehicle Supply Equipment (EVSE or loosely “charger”) efforts might require the equipment to be placed beyond the idle state. The idle state is straightforward and usually involves nothing more than powering up the charger. Indeed, this is a very useful state for research where the user interface is in operation, communications both wired and wireless are working and the mobile device app can interact. However, there are times when there is a need to force the charger into other states so that it behaves as though the electric vehicle is attached, the EV is asking for charge, or the EV is charging and the EVSE is providing charging current.  

At the Pwn2Own Automotive 2025 event, an add-on category was introduced that required a demonstration of an exploit while the equipment was in the charging state. This required manipulation of the charger via the charging cable in order to enter this charging state. This blog describes the device that we assembled to achieve this requirement. I will cover the design considerations that were made along with how the device operates. I will also provide the specifics on parts that we used; however, due to the wide range of requirements different researchers might have and substitutions they might make, I will only highlight the important points of the design and not describe this as a “step-by-step” build.  

As an example of a minimal “simulator” build, some chargers have been observed to provide an output signal when the charging cable attaches to the vehicle. If your research only involves this signal, then a diode and a single resistor inside your EV simulator enclosure may be enough to achieve your goal. So, understand our device first and then use that knowledge to build what you require for your research.

Safety

First and foremost is safety. If you are familiar with researching EVSE, you know that you will be dealing with deadly voltages. This is the case here as well. Even more dangerous is the fact that the EV simulator will enable the high voltage onto the charging cable and inside the simulator itself. This increases the number of components that have high voltage and thus increases the danger. Every precaution and safety measure should be taken in dealing with high voltage and high current. If you are not knowledgeable and confident with working around deadly high voltages or are not sure of appropriate safety measures, do not attempt to build a simulator or work with EVSE. An alternative might be to educate yourself and ask others with the appropriate qualifications for help.  As we were about to publish this blog, we found some pre-built devices that are limited but might still be an option for some.  These are listed in the “Pre-Built Alternatives” section below.

Basic Operation

The EV simulator is based on SAE J1772 operation. There are other standards that define EVSE to EV connections but our focus in this blog is strictly J1772.

The basic information needed can be found here.

The key items this implies are:

J1772-2009 connector is used.
Control signaling (over the Control Pilot signal) is strictly PWM/duty cycle.

If you study the wiki link above, you will see that the EV communicates to the EVSE on the CP line via a resistor network in the vehicle. The EVSE will sense a resistance to determine if the cable is connected to the EV (2740 ohms) and if the vehicle wants charging (882 ohms). On the flip side, the EVSE provides a 1kHz PWM signal to the vehicle to indicate the maximum current that the EVSE is willing to provide to the EV. This is done through the duty cycle of the signal. The duty cycle to current mapping is defined by J1772.

The EV simulator provides the proper resistance values using a rotary switch and monitors the PWM signal with a low-cost onboard oscilloscope. These parts reside on or inside a plastic enclosure to provide safety from high voltage and anchor the main components.

In our EV simulator, the rotary switch is set to “0” when we want to simulate a disconnected cable. It is set to “1” to simulate a connection to a vehicle but no charge being requested. Finally, it is set to “2” to simulate a connected vehicle requesting a charge. These are the only three states that we decided to incorporate into our simulator.

Figure 1 – The EV Simulator at the time of P20 Automotive Tokyo 2025

Parts

This is a list of components that we used to build our EV simulator and their links to Amazon USA. The resistors come in a kit, and we used 2700ohm for the 2740ohm requirement and 820ohm for the 882ohm requirement. These approximate values appeared to work on the EVSEs that we tested. However, you could find a more particular EVSE that needs values closer to the specification. In that case, you could combine other resistors in the kit to get closer to the specification.

As for the diode, you should try to use the one we used or one with even lower Vf specification. This diode worked with all of the chargers we were able to test. We tried higher Vf diodes with limited success. Some chargers were more tolerant of a higher Vf but many were not. The diode is required because most EVSE will test for its existence as a safety measure. 

·      Project box: LeMotech Junction Box
·      Receptacle: J1772 receptacle
·      Resistor 2740 ohm and 882 ohm: Chanzon 300 Piece Resistor Kit
·      Diodes: Chanzon 1N5817 Schottky Barrier Rectifier Diodes
·      Rotary switch: Taiss Universal Changeover Switch
·      Volt/Amp Meter: DROK Volt Amo Meter
·      Oscilloscope: FNIRSI DSO152 Oscilloscope
·      Load Plug: 20FT NEMA 6-15P/6-15R Power Extension Cord
·      Load: Cadet F Series Baseboard Heater

Considerations

A few of the items are not strictly necessary but do help in verifying the simulator is working as expected. Substitutions are also possible depending on your needs.

The bare minimum is the enclosure, the J1772 receptacle, and the proper resistor and diode values. How you manipulate the resistor network, monitor the PWM signal, and if you do or do not implement a load is flexible and up to you.

Assembly of (Our) EV Simulator

Our initial step in assembly was to drill or cut holes into the plastic enclosure. Placement isn’t critical; however, we did attempt to make things ergonomic and to not block the indicators with cables or our hands while manipulating the switch. Secondly, we connected the resistors and diode to the rotary switch and mounted that assembly inside the enclosure. This circuit connects to the Control Pilot (CP) and Protective Earth (PE) inside the enclosure.

Figure 2 – Schematic of components connected to the rotary switch.

Again, this was our implementation. We left S0 on our switch open to simulate a cable in the unconnected state without having to physically plug and unplug the cable. We also chose to control the two resistor states (S1 and S2) separately. The schematic in the wiki shows a different configuration in which only one toggle is required, and the values of the resistors are adjusted.  Both are valid so build based on your constraints. Finally, as seen in the schematic, we did not utilize states 3 -5 on the rotary switch because the additional charging states were not needed for our research at the time.

Next, the J1772 receptacle needs to be wired.

Figure 3 – The J1772 charge connector as seen from the open end

If you choose not to add a load to the simulator, the wiring is fairly easy. You only need to bring out the Control Pilot (CP) signal and the Protective Earth (PE) from the back of the connector. If you want to include a simulated battery load, you will need to also bring out the two high voltage lines (L1 and L2/N) with the appropriate size wire (remember, these can be high current depending on the load you pick). We conservatively used a 12-gauge wire, and our anticipated load was 500W. L1 and L2/N were then routed out of the enclosure to a plug so that the 500W load could be removed or added at will. The plug (in the material list above) was a heavy-duty extension cord that we cut and hardwired to the enclosure on one side and to the load on the other side. We also included a Volt/Amp meter to monitor the J1772 receptacle. When the EVSE engaged charging, the meter would show 230V (in our case) and 2.2A if the load was attached otherwise, 0A. Finally, an inexpensive battery-powered oscilloscope was attached with double-sided tape to the front of the enclosure. The probe cable was routed inside to monitor the PWM signal present on the CP wire. This simple scope defaulted to displaying several measurements, which included a duty cycle, so it was a good fit for this purpose. Other than pressing “Auto Set” once the 1KHz signal was present, there was no other configuration required.

Thus, the full enclosure schematic is:

Figure 4 – The full schematic of our EV simulator

Targets

This EV simulator was evaluated on all of the targets used at Pwn2Own Automotive 2025. This included Level 2 chargers from Autel, ChargePoint, WOLFBOX, Emporia, Ubiquity, and Tesla (with NACS adaptor). All the EVSE devices were successfully placed into the charging state and 500W was provided to the load using this simulator.

Pre-Built Alternatives 

As mentioned in the “Safety” section, we noticed a few consumer devices, which might be adequate for some research and would avoid having to assemble any parts. These devices appear to be designed primarily to charge electric scooters from an EVSE. To do this, they effectively provide the minimum circuit to enable the EVSE to energize the cable. Note that these do not provide a direct way to measure the CP signal.  Always follow the manufacturer’s safety instructions when using these devices.

·      220V J1772 Type1 Socket to NEMA 5-15/5-20 EV Charger Adapter
·      J1772 to Nema 5-20, EV Station Charging Adapter

Final Thoughts 

The J1772 standard is straightforward to implement for the limited purpose of emulating an attached vehicle to these chargers. There are more sophisticated protocols on the horizon (CAN over the CP signal) but most of the consumer-grade EVSEs continue to utilize J1772. Additionally, with such a large established base of J1772, support from the EVSEs and the EVs will likely continue far into the future.  Hopefully, this blog describing our design considerations and how we built our EV simulator will simplify the process for other researchers. While official contest specifics are still months away for the Pwn2Own Automotive event for 2026, there will almost certainly be a contest category for using the charging cable as the attack surface again. This was a highlighted addition to the 2025 event over 2024 and we hope to build on that for 2026.

Until then, you can follow us on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.

We’ve reached the third Patch Tuesday of 2025, and, as expected, Microsoft and Adobe have released their latest security offerings. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:

Adobe Patches for March 2025

For March, Adobe released seven bulletins addressing 37 CVEs in Adobe Acrobat Reader, Substance 3D Sampler, Illustrator, Substance 3D Painter, InDesign, Substance 3D Modeler, and Substance 3D Designer. Six of these bugs were reported through the ZDI program. The patch for Reader contains fixes for multiple Critical-rated code execution bugs. This should be the top priority for deployment. The fix for Illustrator also corrects some Critical-rated code execution bugs. That also holds true for the InDesign patch. For all of the products, an attacker would need to convince a user to open a specially crafted file.

The remaining patches all touch the Substance family of products. The fix for Substance 3D Sampler addressed seven bugs with some of those being Critical. The patch for Substance 3D Painter corrects two code execution bugs. The update for Substance 3D Modeler also has two CVEs, but only one is for a code execution bug. Finally, the patch for Substance 3D Designer addresses two Critical-rated code execution vulnerabilities.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for March 2025

This month, Microsoft released 56 new CVEs in Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server. One of the actively exploited bugs was submitted through the Trend ZDI program. With the addition of the third-party CVEs, the entire release tops out at 67 CVEs.

Of the patches released today, six are rated Critical, and 50 are rated Important in severity. This is nearly identical to the release last month in volume, but the number of actively exploited bugs is extraordinary.

One of these bugs is listed as publicly known, and six(!) others are listed as under active attack at the time of release. Let’s take a closer look at some of the more interesting updates for this month, starting with the bug discovered by a Trend researcher:

-    CVE-2025-26633 - Microsoft Management Console Security Feature Bypass Vulnerability
This bug was discovered by Aliakbar Zahravi and has been seen in the wild and used in targeted attacks. The specific flaw exists within the handling of MSC files. The product does not warn the user before loading an unexpected MSC file. An attacker can leverage this vulnerability to evade file reputation protections and execute code in the context of the current user. There is user interaction required here, but that doesn’t seem to be a problem for the attacker – EncryptHub (aka Larva-208). With more than 600 organizations impacted by these threat actors, test and deploy this fix quickly to ensure your org isn’t added to the list. Ali will have further details about these attacks out soon.

-    CVE-2025-24993 - Windows NTFS Remote Code Execution Vulnerability
CVE-2025-24985 - Windows Fast FAT File System Driver Remote Code Execution Vulnerability
These are two more bugs being exploited, and I group them together because they are triggered by the same action. To be exploited, a user would need to mount a specially crafted virtual hard drive (VHD). It’s interesting to see the root cause of these bugs is an overflow; heap-based for the NTFS and an integer overflow for Fast FAT. Once exploited, the attacker can execute code on an affected system. If paired with a privilege escalation (like the one below), they could completely take over a system.

-    CVE-2025-24983 - Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
This is another bug being actively exploited, but it’s a more traditional privilege escalation than the other one. In this case, an authenticated user would need to run a specially crafted program that ends up executing code with SYSTEM privileges. That’s why these types of bugs are usually paired with a code execution bug to take over a system. Microsoft doesn’t provide any information on how widespread these attacks are, but regardless of how targeted the attacks may be, I would test and deploy these patches quickly.

-    CVE-2025-24984/CVE-2025-24991 - Windows NTFS Information Disclosure Vulnerability
These are the final two bugs under active attack in this release. They have different triggers, but both simply lead to info leaks consisting of unspecified memory contents. CVE-2025-24984 requires physical access, which is unusual to see in an active attack. The other CVE requires the target to mount a specially crafted VHD. Even though the info leak isn’t targeted, it must be worth getting since these are being exploited. Don’t sleep on these. Test and deploy the fixes quickly.

Here’s the full list of CVEs released by Microsoft for March 2025:

CVE Title Severity CVSS Public Exploited Type CVE-2025-26633 Microsoft Management Console Security Feature Bypass Vulnerability Important 7 No Yes SFB CVE-2025-24985 Windows Fast FAT File System Driver Remote Code Execution Vulnerability Important 7.8 No Yes RCE CVE-2025-24984 Windows NTFS Information Disclosure Vulnerability Important 4.6 No Yes Info CVE-2025-24991 Windows NTFS Information Disclosure Vulnerability Important 5.5 No Yes Info CVE-2025-24993 Windows NTFS Remote Code Execution Vulnerability Important 7.8 No Yes RCE CVE-2025-24983 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important 7 No Yes EoP CVE-2025-26630 Microsoft Access Remote Code Execution Vulnerability Important 7.8 Yes No RCE CVE-2025-24057 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2025-26645 Remote Desktop Client Remote Code Execution Vulnerability Critical 8.8 No No RCE CVE-2025-24064 Windows Domain Name Service Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2025-24035 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2025-24045 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2025-24084 Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability Critical 8.4 No No RCE CVE-2025-24070 ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-21199 Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability Important 6.7 No No EoP CVE-2025-26627 † Azure Arc Installer Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-24049 Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability Important 8.4 No No EoP CVE-2025-24986 Azure Promptflow Remote Code Execution Vulnerability Important 6.5 No No RCE CVE-2025-24997 DirectX Graphics Kernel File Denial of Service Vulnerability Important 4.4 No No DoS CVE-2025-24046 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-24066 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Important 8.4 No No EoP CVE-2025-24067 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-24995 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-21247 MapUrlToZone Security Feature Bypass Vulnerability Important 4.3 No No SFB CVE-2025-24075 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-24081 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-24082 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-24072 Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-24080 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-24083 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-26629 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-24076 Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-24994 Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-24071 Microsoft Windows File Explorer Spoofing Vulnerability Important 7.5 No No Spoofing CVE-2025-24077 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-24078 Microsoft Word Remote Code Execution Vulnerability Important 7 No No RCE CVE-2025-24079 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-24054 NTLM Hash Disclosure Spoofing Vulnerability Important 6.5 No No Spoofing CVE-2025-24996 NTLM Hash Disclosure Spoofing Vulnerability Important 6.5 No No Spoofing CVE-2024-9157 * Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability Important N/A No No RCE CVE-2025-26631 Visual Studio Code Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-25003 Visual Studio Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-24998 Visual Studio Installer Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-24043 WinDbg Remote Code Execution Vulnerability Important 7.5 No No RCE CVE-2025-24059 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-21180 Windows exFAT File System Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-24048 Windows Hyper-V Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-24050 Windows Hyper-V Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-24061 Windows Mark of the Web Security Feature Bypass Vulnerability Important 7.8 No No SFB CVE-2025-24992 Windows NTFS Information Disclosure Vulnerability Important 5.5 No No Info CVE-2025-24051 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-25008 Windows Server Elevation of Privilege Vulnerability Important 7.1 No No EoP CVE-2025-24056 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-24987 Windows USB Video Class System Driver Elevation of Privilege Vulnerability Important 6.6 No No EoP CVE-2025-24988 Windows USB Video Class System Driver Elevation of Privilege Vulnerability Important 6.6 No No EoP CVE-2025-24055 Windows USB Video Class System Driver Information Disclosure Vulnerability Important 4.3 No No Info CVE-2025-24044 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-1914 * Chromium: CVE-2025-1914 Out of bounds read in V8 High N/A No No N/A CVE-2025-1915 * Chromium: CVE-2025-1915 Improper Limitation of a Pathname to a Restricted Directory in DevTools Medium N/A No No N/A CVE-2025-1916 * Chromium: CVE-2025-1916 Use after free in Profiles Medium N/A No No N/A CVE-2025-1917 * Chromium: CVE-2025-1917 Inappropriate Implementation in Browser UI Medium N/A No No N/A CVE-2025-1918 * Chromium: CVE-2025-1918 Out of bounds read in PDFium Medium N/A No No N/A CVE-2025-1919 * Chromium: CVE-2025-1919 Out of bounds read in Media Medium N/A No No N/A CVE-2025-1921 * Chromium: CVE-2025-1921 Inappropriate Implementation in Media Stream Medium N/A No No N/A CVE-2025-1922 * Chromium: CVE-2025-1922 Inappropriate Implementation in Selection Low N/A No No N/A CVE-2025-1923 * Chromium: CVE-2025-1923 Inappropriate Implementation in Permission Prompts Low N/A No No N/A CVE-2025-26643 * Microsoft Edge (Chromium-based) Spoofing Vulnerability Low 5.4 No No Spoofing

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.

† Indicates further administrative actions are required to fully address the vulnerability.

Moving on to the other Critical-rated bugs, there’s a frightening-looking bug in DNS server that could allow code execution if an attacker sends a specially crafted DNS response to an affected server. However, that is incredibly unlikely to be parsed by the server. Having done DNS spoofing in a past life, it’s tricky, so this is unlikely to be exploited. The Office bug where Preview Pane is an attack vector is more likely to see exploits, but Microsoft confusingly states user interaction is required. Perhaps the target needs to preview the file in the Preview Pane? The bugs in Remote Desktop Services are also concerning as they could allow code execution if an attacker connects to an affected RDS gateway. The Remote Desktop Client bug is less concerning as a target would need to connect to a malicious server. Also less concerning is the bug in the Windows Subsystem for Linux as it requires elevated privileges to exploit.

Looking at the other code execution bugs, there are quite a few open and own bugs in Office components. This includes a bug in Access that’s listed as publicly known. There’s a fix for Azure PromptFlow that allows a remote, unauthenticated attacker to run code on an affected system. The bug in WinDbg could allow code execution due to the improper verification of cryptographic signature in .NET. However, Microsoft fails to provide any details of the exploit scenario. There’s a bug in exFAT that looks similar to two of the bugs being exploited in the wild. Since this one is not listed as exploited, it’s likely a variant of one (or both) of those. Finally, there are bugs in the RRAS and Telephony service, which seems like a monthly standard at this point. We have yet to see any of these types of bugs exploited, so there is not much concern there.

There are a handful of privilege escalation bugs receiving fixes in this month’s release, and most of these either lead to SYSTEM-level code execution or administrative privileges if an authenticated user runs specially crafted code. Beyond those, the bugs in Hyper-V could lead to Kernel Memory Access. The bug in Windows Server could lead to a file deletion, which can then be turned into a privilege escalation. A similar bug was reported as being under active attack last month. One of the Visual Studio bugs leads to escalating to privileges of the affected application. That’s also true for the bug in Azure Command Line Integration (CLI). The bug in ASP.NET Core and Visual Studio allows an attacker to escalate to the privileges of the compromised user. The bug in Azure Arc Installer leads to SYSTEM privileges, but you’ll need to do more than just patch to address it. This only affects machines onboarded via Group Policy, but if they were, you’ll need to roll out new GPOs to fully resolve the vulnerability.

In addition to the security feature bypass (SFB) bug being exploited in the wild, there are two other SFB fixes in this month’s release. The first is in MapUrlToZone. This bug allows attackers to bypass the security feature and have URLs processed in incorrect zones. The other is in Mark of the Web, which we have seen abused by threat actors in the past. Again, the vulnerability allows files to be treated as though they aren’t as dangerous as they seem and fails to warn users – who generally click on anything.

Looking at the Spoofing bugs in the March release, two are listed as NTLM Hash Disclosures. In both cases, user interaction is required. However, that interaction can be as simple as a single clicking (selecting) on a malicious file. If successful, an attacker could then spoof that NTLM hash for further compromise. There are not many details available for the File Explorer spoofing bug other than to say that a remote, unauthenticated attacker could “perform spoofing over a network.”

There are only two other information disclosure bugs this month, and one looks like a variant of the NTFS info disclosures under active attack. Again, it only yields unspecified memory contents. That’s also true for the bug in the Windows USB Video Driver, but Microsoft notes this is a physical attack. They don’t specify what type of physical attack, but considering it’s in a USB component, that likely means plugging in a USB device.

The March release contains just one Denial-of-Service (DoS) bug in the DirectX Graphics Kernel File, but it requires admin credentials to exploit.

No new advisories are being released this month.

Looking Ahead

The next Patch Tuesday of 2025 will be on April 11, and I’ll return with my analysis and thoughts about the release. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Simon Humbert and Guy Lederfein of the Trend Micro Research Team detail a recently patched code execution vulnerability in the Microsoft Windows Key Distribution Center (KDC) Proxy. This bug was originally discovered by k0shl and Wei in Kunlun Lab with Cyber KunLun. Successful exploitation could result in arbitrary code execution in the security context of the target service. The following is a portion of their write-up covering CVE-2024-43639, with a few minimal modifications.

An integer overflow has been reported for Microsoft Windows KDC Proxy. The vulnerability is due to a missing check for Kerberos response length.

A remote, unauthenticated attacker could direct KDC proxy to forward a Kerberos request to a server under their control, which would then send back a crafted Kerberos response. Successful exploitation could result in arbitrary code execution in the security context of the target service.

The Vulnerability

The Microsoft Windows operating system implements a default set of authentication protocols, including Kerberos, NTLM, Transport Layer Security/Secure Sockets Layer (TLS/SSL), and Digest, as part of an extensible architecture. For authentication within an Active Directory domain, Windows uses Kerberos.

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos builds on symmetric-key cryptography and requires a trusted third party, the key distribution center (KDC), that shares a key with all other parties in the authentication realm. Clients and services exchange Kerberos messages with the KDC. Kerberos messages can be transported over either UDP or TCP on port 88. When sent over TCP however, each request and response is preceded by the length of the message as 4 octets in network byte order.

The Microsoft Windows Server operating systems implement the Kerberos version 5 authentication protocol. Each Active Directory domain controller runs an instance of the Kerberos KDC, which uses the domain's directory service database as its security account database. To authenticate, a client must have network connectivity to a domain controller.

Although this is generally the case for machines located within an organization's network, this may not be true for clients using remote connections. To enable remote workloads, notably services such as RDP Gateway and DirectAccess, it is possible to proxy Kerberos traffic over HTTPS using a KDC Proxy.

A KDC Proxy is an HTTP-based server that implements the Kerberos KDC Proxy Protocol (KKDCP). Clients wrap their Kerberos request in a KDC proxy message and send it in the body of an HTTPS POST request where the Request-URI is set to /KdcProxy. KDC proxy messages are defined using Abstract Syntax Notation One (ASN.1). ASN.1 is a standard interface description language (IDL) for defining data structures that can be serialized and deserialized in a cross-platform way. The full specification of ASN.1 including its lexical units, separators, recursive definitions, native data types, whitespace, production rules, etc. can be found here.

Here is the structure of KDC Proxy messages:

Where:

·      kerb-message is a Kerberos message, including the 4 octet message length prefix.
·      target-domain is a DNS or NetBIOS domain name that represents the realm to which the Kerberos message must be sent (target-domain is required for KDC proxy requests but is not used for KDC proxy responses).
·      dclocator-hint is an optional field that contains additional data used to find a domain controller.

KDC Proxy messages are encoded using the Distinguished Encoding Rules (DER). DER is a type-length-value encoding system, each DER-encoded field has the following structure:

Identifier Octets encode the type of the Contents Octets. Generally, it consists of a single octet with the following structure:

The Class field can be one of Universal (bits: 00), Application Specific (bits: 01), Context-specific (bits: 10), or Private (bits: 11). The P/C field specifies whether the field is a primitive data type (bit: 0) such as INTEGER, or a constructed data type (bit: 1), i.e. whose Content Octets contain other primitive or constructed data types. If the Class field is Universal, then the specification defines several standard Tag Numbers such as BOOLEAN

(\x1), INTEGER (\x2), OCTET STRING (\x4), UTF8STRING (\x0C), SEQUENCE (\x10), IA5STRING (\x16), GeneralString (\x1B), etc. In the case of non-Universal classes, there are rules for encoding Tag Numbers larger than 30.

In DER, there are two ways to encode Length Octets. In the short form, a single Length Octet is used with the most significant bit set to 0, and the 7 remaining bits represent the number of Content Octets. In the long form, the most significant bit of the first Length Octet is set to 1, and the 7 remaining bits encode the number of subsequent Length Octets, which themselves contain the number of Content Octets. The long form is typically used only when necessary. All multibyte integers are in big-endian format.

As an example, here is how a KDC proxy request would look like after being encoded:

Indentation shows the relationship between constructed and primitive data types. Please note that the tag number for SEQUENCE is \x10, however, the SEQUENCE field is a constructed data type with the P/C field is set to 1. Therefore, the Identifier Octet for SEQUENCE is 0x30. The SEQUENCE items are assigned explicit tags from 0 to 2, and when encoded, they are encapsulated in an EXPLICIT tag data type. In the Identifier Octet for the EXPLICIT tag, the Class field is set to Context-Specific (bits: 10), and the P/C field is set to 1. Finally, Kerberos realms are encoded as KerberosString, which is an alias for GeneralString.

Upon reception of a KDC proxy request, the KDC proxy extracts the target-domain and locates a domain controller for that realm. First the KDC proxy queries the DNS SRV record for the name _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.<target_domain>, and resolves matching A records if needed. Then the KDC proxy sends an LDAP ping to the resulting set of IP addresses. An LDAP ping is a connection-less LDAP (CLDAP) rootDSE search for the Netlogon attribute, used to verify the aliveness of a domain controller, and check whether it matches a specific set of requirements. The domain controller returns a little-endian byte string that encodes a NETLOGON_SAM_LOGON_RESPONSE_EX structure.

Finally, the KDC proxy extracts kerb-message from the KDC proxy request and forwards it to the domain controller. Please note that KDC proxy only forwards Kerberos requests over TCP. Please also note that, while it can only be run on domain-joined machines, KDC proxy will proxy Kerberos requests for arbitrary domains. When KDC Proxy receives a Kerberos response from the domain controller, it wraps it in a KDC proxy message (which only contains the kerb-message field), and returns it to the client in the body of an HTTPS 200 OK response.

An integer overflow has been reported for Microsoft Windows KDC Proxy. The vulnerability is due to a missing check for the length of Kerberos responses.

After sending the Kerberos request to the domain controller, the KDC proxy reads 4 bytes from the network socket to get the Kerberos response length. Then, it attempts to read as many bytes as required to get the full response. A number of functions are involved in reading the Kerberos response, all of them are passed a pointer to a _KPS_IO structure as argument. _KPS_IO structures have a size of 0x120 bytes, here is a partial definition below (all structure definitions in this section were determined by reverse engineering; most structure and field names were chosen by us):

Whenever subsequent bytes are read from the socket, function KpsSocketRecvDataIoCompletion() in DLL file kpssvc.dll is called. It checks if enough bytes were read to get the full response, and if yes calls the function KpsPackProxyResponse(), passing a pointer to the _KPS_IO structure as an argument. KpsPackProxyResponse() first calls function KpsCheckKerbResponse() that validates the Kerberos response. Notably, if the byte that immediately follows the message length prefix is set to `0x7E` or `0x6B`, KpsCheckKerbResponse() verifies that the response is a properly constructed Kerberos message. If it is not the case, it does not perform any validation and returns without error.

KpsPackProxyResponse() local variables include a structure of type ASN1_KDC_PROXY_MSG. ASN1_KDC_PROXY_MSG structures have a size of `0x28` bytes, here is a partial definition below:

After calling KpsCheckKerbResponse(), KpsPackProxyResponse() initializes the structure as such: ASN1_KDC_PROXY_MSG.buf is set to _KPS_IO.recvbuf, and ASN1_KDC_PROXY_MSG.len is set to _KPS_IO.bytesread. Then, for wrapping the Kerberos response in a KDC proxy response it calls the function KpsDerPack(), passing the address of the ASN1_KDC_PROXY_MSG structure as an argument. From this moment on, the code flow alternates between functions from the DLL file kpssvc.dll implementing the KDC proxy server and functions from the Microsoft ASN.1 library msasn1.dll. The latter are subsequently referred to as "MSASN.1" functions.

KpsDerPack() calls MSASN.1 function ASN1_CreateEncoder(), which allocates a structure of type ASN1_encoder. ASN1_encoder structures have a size of `0x50` bytes, here is a partial definition below:

KpsDerPack() then calls MSASN.1 function ASN1_Encode(), passing pointers to the ASN1_encoder and ASN1_KDC_PROXY_MSG structures as arguments. ASN1_Encode() calls function ASN1Enc_KDC_PROXY_MESSAGE(). ASN1Enc_KDC_PROXY_MESSAGE() calls the MSASN.1 function ASN1BEREncExplicitTag(), passing a pointer to the ASN1_encoder structure as an argument. ASN1BEREncExplicitTag() is called twice, to encode the SEQUENCE and EXPLICIT fields.

Encoded data is appended to ASN1_encoder.buf, and the buffer is allocated then re-allocated as fields are being encoded. To do this, MSASN.1 functions call ASN1EncCheck(), passing the needed size as an argument. For the initial allocation, ASN1EncCheck() allocates space in the heap by calling the Windows API function LocalAlloc(). The size of the initial allocation is at least 1,024 bytes. During subsequent invocations, ASN1EncCheck() reallocates the buffer if it cannot fit the needed size. In that case, it adds the current size of the buffer and the needed size, then passes the result as an argument to the Windows API function LocalReAlloc().

ASN1BEREncExplicitTag() calls MSASN.1 function ASN1BEREncTag(). ASN1BEREncTag() encodes the Identifier Octets, first by calling ASN1EncCheck() to make sure ASN1_encoder.buf has enough space, then writing the Identifier Octets at the address ASN1_encoder.current, and finally incrementing ASN1_encoder.current. At this

stage, the length of constructed fields is not known, as it depends on the length of other constructed and primitive fields that are yet to be encoded. So ASN1BEREncExplicitTag() reserves a single byte for the Length Octets in ASN1_encoder.buf by calling ASN1EncCheck() with size 1, and incrementing ASN1_encoder.current by 1.

ASN1Enc_KDC_PROXY_MESSAGE() then calls MSASN.1 function ASN1DEREncOctetString() to encode the kerb-message OCTET STRING field, passing as arguments a pointer to the ASN1_encoder structure as well as ASN1_KDC_PROXY_MSG.buf and ASN1_KDC_PROXY_MSG.len. ASN1DEREncOctetString() is an alias for the function ASN1BEREncCharString(). ASN1BEREncCharString() first calls ASN1BEREncTag() to encode the Identifier Octets, then it calls ASN1BEREncLength(), passing ASN1_KDC_PROXY_MSG.len as argument.

ASN1BEREncLength() first computes the number of bytes required for encoding the Length Octets, adds ASN1_KDC_PROXY_MSG.len, and then passes the resulting value as an argument to ASN1EncCheck(). This ensures that ASN1_encoder.buf has enough space for both the Length Octets and the Contents Octets. ASN1BEREncLength() then writes the Length Octets at address ASN1_encoder.current, and finally increments ASN1_encoder.current by the size of Length Octets. Finally, ASN1BEREncCharString() calls the Windows API function memcpy() to copy ASN1_KDC_PROXY_MSG.len from address ASN1_KDC_PROXY_MSG.buf to address ASN1_encoder.current.

However, MSASN.1 functions do not always handle unexpected inputs properly, notably, they don't check for possible integer overflows when handling large length values. Furthermore, KpsSocketRecvDataIoCompletion() does not check the length of the Kerberos response before calling KpsPackProxyResponse(). Finally, the Kerberos response validation in KpsCheckKerbResponse() can be bypassed by setting the byte immediately following the message length prefix to any value other than 0x7E or 0x6B. As a consequence, it is possible for a malicious domain controller to send a large Kerberos response that will cause memory corruption errors.

Integer overflows and memory corruption errors occur when encoding the kerb-message OCTET STRING field. At this point, both SEQUENCE and EXPLICIT fields have already been encoded, ASN1_encoder.buf points to a buffer of size 1,024, and ASN1_encoder.current points at the address ASN1_encoder.buf + 4. The maximum size for Kerberos responses accepted by KDC Proxy is 4,294,967,295. If sending a Kerberos response with a length from 4,294,967,291 to 4,294,967,295 (inclusive), ASN1BEREncLength() will find that 5 bytes are required to encode the Length Octets, then add the length of the Kerberos response. However, the addition result is stored in a 4-byte unsigned variable that overflows. As a consequence, the size passed as an argument to ASN1EncCheck() is very small. ASN1EncCheck() does not reallocate the ASN1_encoder.buf buffer and later, when ASN1BEREncCharString() calls memcpy() a heap buffer overflow occurs.

Alternatively, when sending a Kerberos response with a length from 4,294,966,267 to 4,294,967,290 (inclusive), ASN1BEREncLength() calls ASN1EncCheck(). As the current ASN1_encoder.buf buffer is too small, ASN1EncCheck() proceeds to reallocate it. It adds the current size of the buffer (1,024) to the length of the Kerberos response. However, the addition result is stored in a 4-byte unsigned variable that overflows. As a consequence,

LocalReAlloc() actually decreases the size of the buffer. Later when ASN1BEREncCharString() calls memcpy() an out-of-bounds write or a heap buffer overflow occurs. As an interesting edge case, it is possible to pass 0 as the new size to LocalReAlloc(). LocalReAlloc() returns a memory address, not an error, however, the memory is not actually allocated, and an access violation occurs when attempting to write to that address.

A remote, unauthenticated attacker could direct KDC proxy to forward a Kerberos request to a server under their control, which would then send back a crafted Kerberos response. Successful exploitation could result in arbitrary code execution in the security context of the target service.

Note: to reach the vulnerable code, it is not enough to send a short Kerberos response with a large message length prefix value in the first four bytes. The Kerberos response length must actually match the prefix value.

Detection Guidance

To detect an attack exploiting this vulnerability, the detection device must monitor and parse traffic on UDP port 389 and TCP port 88. Kerberos messages can be transported over either UDP or TCP on port 88. However, when sent over TCP, each request and response is preceded by the length of the message as 4 octets in network byte order.

The detection device must inspect Kerberos responses. Please note that KDC Proxy only uses TCP port 88 for Kerberos traffic (not UDP). Therefore, the device does not need to fully parse Kerberos responses. It just needs to parse the 4-byte message length prefix and be able to isolate responses within a TCP stream. If a Kerberos response is 0x80000000 (2,147,483,648) bytes or longer the traffic should be considered suspicious, an attack exploiting this vulnerability is likely underway.

Note: The detection guidance above is based on section 7.2.2 of the Kerberos V5 RFC. It mentions that, in the 4 octets message length prefix, the high bit must be set to 0. So, according to the RFC, the maximum length of Kerberos messages transmitted over TCP is 0x7FFFFFFF.

Questions About the Patch

Our research shows that the vulnerability lies in the ASN.1 library, however, the Microsoft advisory mentions the KDC Proxy server. Furthermore, the vulnerability was addressed by adding a length check in the KDC Proxy KpsSocketRecvDataIoCompletion() function. It is unclear why Microsoft chose this approach. It is possible that the ASN.1 library is known to have bugs, and that is expected for invoking software to check its inputs. It is also unclear whether any other software components can be used to trigger the vulnerability in the ASN.1 library. As such, the present report focuses on the KDC Proxy server.

Conclusion

This vulnerability was patched by the vendor in November. To date, no attacks have been detected in the wild. Microsoft doesn’t provide any mitigations for this bug, but they do note only servers configured as a KDC server are affected. Domain controllers are not impacted by this issue. They also note that since the vulnerability exists in the KDC Proxy Server service (KDCSVC), you are only vulnerable if you are already using KPSSVC in your environment. If you do not have it configured in your environment, then this vulnerability is not exploitable. We recommend all instances of KPSSVC server be patched immediately.

Special thanks to Simon Humbert and Guy Lederfein of the Trend Micro Research Team for providing such a thorough analysis of this vulnerability. For an overview of Trend Micro Research services please visit http://go.trendmicro.com/tis/.

The threat research team will be back with other great vulnerability analysis reports in the future. Until then, follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.

If you just want to read the contest rules, click here.

Willkommen, meine Damen und Herren, zu unserem ersten Wettbewerb in Berlin! That’s correct (if Google translate didn’t steer me wrong). While the Pwn2Own competition started in Vancouver in 2007, we always want to ensure we are reaching the right people with our choice of venue. Over the last few years, the OffensiveCon conference in Berlin has emerged as one of the best offensive-focused events of the year. And while CanSecWest has been a great host over the years, it became apparent that perhaps it was time to relocate our spring event to a new home. With that, we are happy to announce that the enterprise-focused Pwn2Own event will take place on May 15-17, 2025, at the OffensiveCon conference in Berlin, Germany. While this event is currently sold out, we do have tickets available for competitors, and we believe the conference will also open a few more tickets for the public, too. The conference sold out its first run of tickets in under six hours, so it should be a fantastic crowd of some of the best vulnerability researchers in the world.

We couldn’t go to a new venue without introducing a new category, and what technology has generated the most questions regarding its security posture? Artificial Intelligence. That’s why we are introducing the AI category with six targets in different frameworks. We’re going well beyond just prompt injections – you’ll need to execute arbitrary code to win this category. Last year, we introduced the Cloud-Native/Container category, and we were thrilled to see a successful Docker container escape at the contest. We’ll see if the AI category can make a similar splash or if it goes uncontested. I would bet there will be some participation – if I were a betting man.

The Cloud-Native/Container category returns as does the Tesla category. Tesla has been a great partner since 2019, and they continue to innovate and increase the security of their vehicles, and I’m sure they will take the learnings from the recent Pwn2Own Automotive forward to the Berlin event. For this event, we’re focused simply on impact and getting code execution in a target component on the vehicle. For some targets, that may mean you need to get code execution in multiple systems on the way. And no, the awards aren’t cumulative. For example, you may need to exploit the infotainment system on the way to the Autopilot, but you’ll only get the award for the Autopilot.

Of course, Pwn2Own wouldn’t be the same without our classic categories, like web browsers, OSes, and Enterprise Servers. Last year, the Master of Pwn was awarded to Manfred Paul, who successfully exploited all four web browsers at the contest. Altogether, we’ll again be offering more than $1,000,000 USD in cash and prizes at this year’s event. We’re looking forward to a new venue and an exciting event with some cutting-edge exploitation on display. Here is a full list of the categories for this year’s event:  

          -- AI Category
          -- Web Browser Category
          -- Cloud-Native/Container Category
          -- Virtualization Category
          -- Enterprise Applications Category
          -- Server Category
          -- Local Escalation of Privilege Category
          -- Automotive Category

Of course, no Pwn2Own competition would be complete without us crowning a Master of Pwn (Meister von Pwn?). Since the order of the contest is decided by a random draw, contestants with an unlucky draw could still demonstrate fantastic research but receive less money since subsequent rounds go down in value. However, the points awarded for each unique, successful entry do not go down. Someone could have a bad draw and still accumulate the most points. The person or team with the most points at the end of the contest will be crowned Master of Pwn, receive 65,000 ZDI reward points (instant Platinum status), a killer trophy, and a pretty snazzy jacket to boot.

Let's look at the details of the rules for this year's event.

AI Category

We’re excited to introduce this category as it goes beyond what other AI “hackathons” have done already. In the past, AI Hackathons have focused on using AI to develop vulnerabilities or other offensive frameworks. We're opening up the AI infrastructure that is used to run models for exploitation - vector databases, frameworks for running models, and development toolkits. An attempt in this category must be launched from the contestant’s laptop. For the NVIDIA Container Toolkit target, the attempt must be launched from within a crafted container image and execute arbitrary code on the host operating system.

Back to top

Web Browser Category

While browsers are the “traditional” Pwn2Own target, we’re continuously tweaking the targets in this category to ensure they remain relevant. We re-introduced renderer-only exploits a couple of years ago, and their reward remains at $60,000. However, if you have that Windows kernel privilege escalation or sandbox escape, that will earn you up to $100,000 or $150,000 respectively. The Windows-based targets will be running in a VMware Workstation virtual machine. Consequently, all browsers (except Safari) are eligible for a VMware escape add-on. If a contestant can compromise the browser in such a way that also executes code on the host operating system by escaping the VMware Workstation virtual machine, they will earn themselves an additional $80,000 and 8 more Master of Pwn points. Full exploits are still required for Apple Safari and Mozilla Firefox. Here’s a detailed look at the targets and available payouts:

Back to top

Cloud-Native/Container Category

We’re excited to have this category return for its sophomore season, and we’re hopeful even more contestants will target one of these container targets. For an attempt to be ruled a success against these three, the exploit must be launched from within the guest container/microVM and execute arbitrary code on the host operating system. The final target in this category is gRPC – a modern open-source high-performance Remote Procedure Call (RPC) framework that can run in any environment.  A success here must leverage a vulnerability in the gRPC code base to obtain arbitrary code execution. Here are the payouts for this category:

Back to top

Virtualization Category

Some of the highlights for each contest can be found in the Virtualization Category, and we’re thrilled to see what this year’s event could bring with it. As usual, VMware is the main highlight of this category as we’ll have VMware ESXi alongside VMware Workstation as a target with awards of $150,000 and $80,000 respectively. Microsoft also returns as a target and leads the virtualization category with a $250,000 award for a successful Hyper-V Client guest-to-host escalation. Oracle VirtualBox rounds out this category with a prize of $40,000.

There’s an add-on bonus in this category as well. If a contestant can escape the guest OS, then escalate privileges on the host OS through a Windows kernel vulnerability (excluding VMware ESXi), they can earn an additional $50,000 and 5 more Master of Pwn points. That could push the payout on a Hyper-V bug to $300,000. Here’s a detailed look at the targets and available payouts in the Virtualization category:

Back to top

Enterprise Applications Category

Enterprise applications return as targets with Adobe Reader and various Office components on the target list once again. Attempts in this category must be launched from the target under test. For example, launching the target under test from the command line is not allowed. Prizes in this category run from $50,000 for a Reader exploit with a sandbox escape or a Reader exploit with a kernel privilege escalation and $100,000 for an Office 365 application. Word, Excel, and PowerPoint are all valid targets. Microsoft Office-based targets will have Protected View enabled where applicable. Adobe Reader will have Protected Mode enabled where applicable. Here’s a detailed view of the targets and payouts in the Enterprise Application category:

Back to top

Server Category

The Server Category for 2025 focuses solely on the server components we’re most interested in. These servers are often targeted by everyone from ransomware crews to nation/state actors, so we know there are exploits out there for them. The only question is whether we’ll see any of the competitors bring one of those exploits to Pwn2Own. SharePoint has been exploited in the wild, and in one case, part of that exploit chain was demonstrated at Pwn2Own. Microsoft Exchange has been a popular target for some time, and it returns as a target this year as well, with a payout of $200,000. This category is rounded out by Microsoft Windows RDP/RDS, which also has a payout of $200,000. Here’s a detailed look at the targets and payouts in the Server category:

Back to top

Local Escalation of Privilege Category

This category is a classic for Pwn2Own and focuses on attacks that originate from a standard user and result in executing code as a high-privileged user. A successful entry in this category must leverage a kernel vulnerability to escalate privileges. We’ve swapped Ubuntu Desktop for Red Hat Enterprise Linux for Workstations, while Apple macOS, and Microsoft Windows 11 return as targets in this category. Last year, an exploit demonstrated at Pwn2Own won the Pwnie Award for Best Privilege Escalation. It would be interesting if a Pwn2Own bug could go back-to-back. Here’s a detailed look at the targets and payouts in this category:

Back to top

Automotive Category

Since adding the Automotive Category in 2019, we’ve seen some amazing and creative research displayed – so much so that we expanded to holding a Pwn2Own Automotive event. Still, we’re happy to have Tesla return as a target for this event. As previously mentioned, we’ve streamlined the rules for this category this year, but that doesn’t mean it’s any easier to win. We’ll have both the 2024 Tesla Model 3 and 2025 Tesla Model Y bench-top units available as targets. We conduct all tests on the bench-top units as attempting the exploits on an actual vehicle could prove hazardous to bystanders and other vehicles in the area. Here are this year’s awards for the Automotive Category:

Back to top

Conclusion

The complete rules for Pwn2Own 2025 are found here. As always, we encourage entrants to read the rules thoroughly if they choose to participate. If you are thinking about participating but have specific configuration or rule-related questions, email us. Questions asked over X (nee Twitter), BlueSky, Instagram, or other means will not be answered. Registration is required to ensure we have sufficient resources on hand at the event. Please contact ZDI at pwn2own@trendmicro.com to begin the registration process. Registration for onsite participation closes at 5 p.m. Central European Time on May 8, 2025.

Be sure to stay tuned to this blog and follow us on Twitter, Mastodon, LinkedIn, or Bluesky for the latest information and updates about the contest. We look forward to seeing everyone in Germany, and we hope someone has a new car to drive home from this year’s Pwn2Own competition.

With special thanks to our Pwn2Own 2025 partner Tesla

 

©2025 Trend Micro Incorporated. All rights reserved. PWN2OWN, ZERO DAY INITIATIVE, ZDI, TREND ZERO DAY INITIATIVE, and Trend Micro are trademarks or registered trademarks of Trend Micro Incorporated. All other trademarks and trade names are the property of their respective owners.

We’ve survived Pwn2Own Automotive and made it to the second Patch Tuesday of 2025. As always, Microsoft and Adobe have released their latest security patches. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:

Adobe Patches for February 2025

For February, Adobe released seven bulletins addressing 45 CVEs in Adobe InDesign, Commerce, Substance 3D Stager, InCopy, Illustrator, Substance 3D Designer, and Adobe Photoshop Elements. The largest by far is the update for Commerce with 31 CVEs addressed. While there are some cross-site scripting (XSS) bugs addressed, there are also some security feature bypasses and Critical-rated code execution bugs, too. The update for InDesign fixes seven bugs, four of which are rated Critical. The three bugs in Illustrator are also rated Critical and could lead to arbitrary code execution when opening a malicious file.

The patch for Substance 3D Stager fixes a single DoS bug. The fix for InCopy is also a single bug, but this one is a Critical-rated code execution. That’s the same case of the Substance 3D Designer patch. The final Adobe patch for February covers an Important-rated privilege escalation in Photoshop Elements.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for February 2025

This month, Microsoft released 57 new CVEs in Windows and Windows Components, Office and Office Components, Azure, Visual Studio, and Remote Desktop Services. Two of these were submitted through the Trend ZDI program. With the addition of the third-party CVEs, the entire release tops out at 67 CVEs.

Of the patches released today, four are rated Critical, 52 are rated Important, and one is rated Moderate in severity. After a couple of record-breaking releases, this volume of fixes is more in line with expectations. Let’s hope this trend, rather than monster releases, remains the norm for 2025.

Two of these bugs are listed as publicly known, and two others are listed as under active attack at the time of release. Let’s take a closer look at some of the more interesting updates for this month, starting with the bugs currently being exploited:

 

-  CVE-2025-21391 - Windows Storage Elevation of Privilege Vulnerability
This is one of the bugs being exploited in the wild receiving a patch in this month’s release, and it’s a type of bug we haven’t seen exploited publicly. The vulnerability allows an attacker to delete targeted files. How does this lead to privilege escalation? My colleague Simon Zuckerbraun details the technique here. While we’ve seen similar issues in the past, this does appear to be the first time the technique has been exploited in the wild. It’s also likely paired with a code execution bug to completely take over a system. Test and deploy this quickly.

-   CVE-2025-21418 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
This is the other bug being actively exploited, but it’s a more traditional privilege escalation than the other one. In this case, an authenticated user would need to run a specially-crafted program that ends up executing code with SYSTEM privileges. That’s why these types of bugs are usually paired with a code execution bug to take over a system. Microsoft doesn’t provide any information on how widespread these attacks are, but regardless of how targeted the attacks may be, I would test and deploy these patches quickly.

-   CVE-2025-21376 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
This vulnerability allows a remote, unauthenticated attacker to run their code on an affected system simply by sending a maliciously crafted request to the target. Since there’s no user interaction involved, that makes this bug wormable between affected LDAP servers. Microsoft lists this as “Exploitation Likely”, so even though this may be unlikely, I would treat this as an impending exploitation. Test and deploy the patch quickly.

-  CVE-2025-21387 - Microsoft Excel Remote Code Execution Vulnerability
This is one of several Excel fixes where the Preview Pane is an attack vector, which is confusing as Microsoft also notes that user interaction is required. They also note that multiple patches are required to address this vulnerability fully. This likely can be exploited either by opening a malicious Excel file or previewing a malicious attachment in Outlook. Either way, make sure you get all the needed patches tested and deployed.

Here’s the full list of CVEs released by Microsoft for February 2025:

CVE Title Severity CVSS Public Exploited Type CVE-2025-21418 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No Yes EoP CVE-2025-21391 Windows Storage Elevation of Privilege Vulnerability Important 7.1 No Yes EoP CVE-2025-21194 Microsoft Surface Security Feature Bypass Vulnerability Important 7.1 Yes No SFB CVE-2025-21377 NTLM Hash Disclosure Spoofing Vulnerability Important 6.5 Yes No Spoofing CVE-2025-21379 DHCP Client Service Remote Code Execution Vulnerability Critical 7.1 No No RCE CVE-2025-21177 Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability Critical 8.7 No No EoP CVE-2025-21376 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Critical 8.1 No No RCE CVE-2025-21381 Microsoft Excel Remote Code Execution Vulnerability Critical 7.8 No No RCE CVE-2025-21188 Azure Network Watcher VM Extension Elevation of Privilege Vulnerability Important 6 No No EoP CVE-2025-21179 DHCP Client Service Denial of Service Vulnerability Important 4.8 No No DoS CVE-2023-32002 * HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability Important 9.8 No No RCE CVE-2025-21212 Internet Connection Sharing (ICS) Denial of Service Vulnerability Important 6.5 No No DoS CVE-2025-21216 Internet Connection Sharing (ICS) Denial of Service Vulnerability Important 6.5 No No DoS CVE-2025-21254 Internet Connection Sharing (ICS) Denial of Service Vulnerability Important 6.5 No No DoS CVE-2025-21352 Internet Connection Sharing (ICS) Denial of Service Vulnerability Important 6.5 No No DoS CVE-2025-21375 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-24036 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability Important 7 No No EoP CVE-2025-21368 Microsoft Digest Authentication Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21369 Microsoft Digest Authentication Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21279 * Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 6.5 No No RCE CVE-2025-21283 * Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 6.5 No No RCE CVE-2025-21342 * Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21408 * Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21383 Microsoft Excel Information Disclosure Vulnerability Important 7.8 No No Info CVE-2025-21386 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-21387 † Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-21390 † Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-21394 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-21198 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability Important 9 No No RCE CVE-2025-21181 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-21392 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-21397 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE CVE-2025-21259 Microsoft Outlook Spoofing Vulnerability Important 5.3 No No Spoofing CVE-2025-21322 Microsoft PC Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-21400 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8 No No RCE CVE-2025-24039 Visual Studio Code Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-24042 Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-21206 Visual Studio Installer Elevation of Privilege Vulnerability Important 7.3 No No EoP CVE-2025-21351 Windows Active Directory Domain Services API Denial of Service Vulnerability Important 7.5 No No DoS CVE-2025-21184 Windows Core Messaging Elevation of Privileges Vulnerability Important 7 No No EoP CVE-2025-21358 Windows Core Messaging Elevation of Privileges Vulnerability Important 7.8 No No EoP CVE-2025-21414 Windows Core Messaging Elevation of Privileges Vulnerability Important 7 No No EoP CVE-2025-21347 Windows Deployment Services Denial of Service Vulnerability Important 6 No No DoS CVE-2025-21420 Windows Disk Cleanup Tool Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-21373 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-21350 Windows Kerberos Denial of Service Vulnerability Important 5.9 No No DoS CVE-2025-21359 Windows Kernel Security Feature Bypass Vulnerability Important 7.8 No No SFB CVE-2025-21337 Windows NTFS Elevation of Privilege Vulnerability Important 3.3 No No EoP CVE-2025-21349 Windows Remote Desktop Configuration Service Tampering Vulnerability Important 6.8 No No Tampering CVE-2025-21182 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability Important 7.4 No No EoP CVE-2025-21183 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability Important 7.4 No No EoP CVE-2025-21208 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21410 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21419 Windows Setup Files Cleanup Elevation of Privilege Vulnerability Important 7.1 No No EoP CVE-2025-21201 Windows Telephony Server Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21190 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21200 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21371 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21406 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21407 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 No No RCE CVE-2025-21367 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important 7.8 No No EoP CVE-2025-21253 Microsoft Edge for IOS and Android Spoofing Vulnerability Moderate 5.3 No No Spoofing CVE-2025-21267 * Microsoft Edge (Chromium-based) Spoofing Vulnerability Low 4.4 No No Spoofing CVE-2025-21404 * Microsoft Edge (Chromium-based) Spoofing Vulnerability Low 4.3 No No Spoofing CVE-2025-0444 * Chromium: CVE-2025-0444 Use after free in Skia High N/A No No RCE CVE-2025-0445 * Chromium: CVE-2025-0445 Use after free in V8 High N/A No No RCE CVE-2025-0451 * Chromium: CVE-2025-0451 Inappropriate implementation in Extensions API Medium N/A No No RCE

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.
† Indicates further administrative actions are required to fully address the vulnerability.

Moving on to the other Critical-rated bugs, there’s a code execution bug in the DHCP server, but it can only be accessed by Adjacent attackers. It also requires a machine-in-the-middle (MITM) exploit, so this bug is definitely unlikely to be exploited in the wild. The other Critical-rated bug is in Microsoft Dynamics 365 and has already been addressed by Microsoft, so there’s no action here.

Looking at the other code execution bugs, many patches impact Excel and other Office components. Many of the Excel bugs have the Preview Pane as an attack vector as well, but again, Microsoft notes that user interaction is required. Some of these updates require multiple patches, so please pay attention when you’re deploying updates. The bug in SharePoint does require special privileges, but anyone who can create a site in SharePoint has the appropriate privileges. Two bugs in Digest Authentication can be hit remotely, but they do require authentication. The Telephony Service and Routing and Remote Access Service (RRAS) have several fixes, but none of these are likely to be exploited. The final RCE bug is in the High Performance Compute (HPC) Pack that could allow attackers the ability to perform RCE on other clusters or nodes connected to the targeted head node. HPC Clusters are often complex, but there’s just a single patch to test and deploy here.

There are a handful of privilege escalation bugs receiving fixes in this month’s release, and most of these either lead to SYSTEM-level code execution or administrative privileges if an authenticated user runs specially crafted code. One of these was reported by Trend ZDI’s Simon Zuckerbraun. CVE-2025-21373 is a link-following bug. Though the “msiserver” service is protected by the Redirection Guard mitigation, the mitigation can be bypassed if the attacker can mount an NTFS-formatted removable drive such as a USB drive. In this case, a low-privileged user can use this vulnerability to escalate privileges and execute code as SYSTEM.

There are some exceptions to this style of privilege escalation bugs. The vulnerability Windows Setup Files could allow a file deletion, similar to the bug being actively exploited. The bug in NTFS could list folder contents, but it’s not clear how this could lead to an escalation. The bug in AutoUpdate is only in the macOS version and leads to root permissions. Microsoft doesn’t provide details about the bug in Azure Network Watcher other than to say an attack would need Contributor or Owner permissions. Finally, the bugs in Visual Studio would allow an attacker to gain the rights of the user running the affected application.

There are two security feature bypass (SFB) bugs included in this release, and the bug in Microsoft Surface is listed as publicly known. This could allow an attacker to avoid UEFI protections, but there are a mountain of caveats to exploitation. The bug in the kernel is interesting from a policy perspective. The vulnerability allows an attacker to bypass the user access control (UAC) prompt. Microsoft used to not fix bugs of this nature as they claimed UAC was not a security boundary – therefore, UAC bypasses weren’t a security bug. With this fix, Microsoft quietly announces it has changed its mind about this policy.

There’s only one information disclosure bug this month, and that’s for Excel. It only results in info leaks consisting of unspecified memory contents. There’s also a single Tampering bug in Remote Desktop, but Microsoft doesn’t say what is being tampered with. They do note it requires a MITM attack.

There are nine different Denial-of-Service (DoS) bugs getting fixed this month, and as usual, details are sparse. The bugs in the DHCP server and Internet Connection Sharing (ICS) service require a network adjacent attacker. Others require attackers to send specially crafted messages to the target. However, the bug in Windows Deployment Services is different. To begin with, it’s a local bug and requires authentication. The attacker could overwrite file contents and cause the service to be unavailable.

Finally, there are three spoofing bugs fixed in the release. The first is a publicly known bug in NTLM. As expected, NTLM spoofing means relaying an NTLMv2 hash. The spoofing bug in Outlook impacts your Junk folder and could make it appear as though the sender is someone else. Microsoft provides no information about the bug in Edge for iOS and Android. If you’re one of the dozens out there using Edge on iOS or Android, go to your respective app store and download the updates.

No new advisories are being released this month.

Looking Ahead

The next Patch Tuesday of 2025 will be on March 11, and I’ll return with my analysis and thoughts about the release. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

It’s a new year, but before we look forward to breaking all of our resolutions, let’s pause to take a look at the year that was for Trend Zero Day Initiative™ (ZDI).

Pwn2Own Competitions Keep Exceeding Expectations

Even though we just completed Pwn2Own Automotive 2025, we would be remiss if we didn’t mention the inaugural edition that occurred in January 2024. That contest brought together some of the best automotive researchers around the globe to the biggest (literally) Pwn2Own stage in history. The event garnered more participation than expected, as we awarded a record-setting amount of $1,323,750 for the discovery of 49 unique zero-day vulnerabilities across the three days of competition. From there, we moved on to Vancouver, where Manfred Paul wowed us all by hacking Chrome, Edge, Firefox, and Safari on his way to winning Master of Pwn. That event awarded $1,132,500 for 29 unique 0-days and also saw the first Docker escape at a Pwn2Own event. We ended by moving to Ireland and our Cork offices. This contest also saw the end of remote participation and required all contestants to be onsite. Over the four days of the contest, we awarded $1,066,625 for over 70 0-day vulnerabilities. That means Pwn2Own awarded over $3,500,000 in 2024 for 148 unique 0-days.

Figure 1 - Ken Gannon exploiting the Samsung Galaxy S24 at Pwn2Own Ireland

By the Numbers

In 2024, Trend ZDI published 1,741 advisories, which is down slightly from last year’s record high of 1,913 (more on that in a bit). While not a record-setting year, we’re just fine with that total. We don’t need to set a new mark every year – it’s just not sustainable. And while we do work with some of the best researchers from around the globe, our own researchers had a great year, too. Just over 40% of all published advisories were reported by Trend ZDI security researchers. Here’s how those numbers of advisories stack up year-over-year. 

Figure 2 - Published advisories over the lifetime of the program

Coordinated disclosure of vulnerabilities continues to be a priority for our program, and it continues to be a success as well. While 2020 saw our largest percentage of 0-day disclosures, the number declined over the next two years. However, while this number grew in 2023, it was down slightly in 2024. It decreased from 10.2% of disclosures to 9.7% - so not too much of a change at all.

Figure 3 - 0-day disclosures per year

Here’s a breakdown of advisories by vendor. While the top vendor (AutoDesk) may surprise you, we’ve worked with them extensively this year to improve their products. They’ve actually been a great partner to work with. The number two vendor, Delta Electronics, should also indicate to you the state of ICS/SCADA security, which we believe is still not up to par with their enterprise counterparts. This also marks the first year that we reported more Apple bugs than Adobe bugs, but something tells me that the trend won’t continue in 2025. Speaking of Adobe, PDF parsing remains a security challenge for vendors beyond just Acrobat and Reader. Foxit, Kofax/Tungsten Automation, and PDF-XChange all had a significant number of file parsing bugs reported by Trend ZDI.

Figure 4 - Vendor distribution of published advisories in 2024

Of course, we’re always looking to acquire impactful bugs, and here’s an interesting comparison from 2023. Even though we published fewer bugs in 2024, we disclosed more Critical and High severity bugs in 2024 than we did in 2023. We put quality over quantity.

Figure 5 - CVSS distribution of published advisories in 2024

Here’s how that compares to previous years:

Figure 6 - Distribution of CVSS scores from 2015-2024

When it comes to the types of bugs we’re buying, here’s a look at the top 10 Common Weakness Enumerations (CWEs) from 2024:

Figure 7 - Top CWEs of published advisories in 2024

It’s a bit disconcerting to see so many “simple” bugs, such as stack overflows and SQL injections, still account for so many bugs. Let’s hope that changes in 2025.

Looking Ahead

Moving into the new year, we anticipate staying just as busy. We just completed Pwn2Own Automotive 2025 and have a special announcement about our next Pwn2Own contest coming up soon. Don’t worry if you can’t attend in person. We’ll be streaming and posting videos of the event to just about every brand of social media available. We also have more than 350 cases waiting to be patched, and our incoming queue is overflowing as we’re still catching up.

We’re also looking to update our website and blog at some point this year. I know – I said that last year as well, but this time, I mean it. When that occurs, I promise I’ll do everything possible to ensure you will be able to choose between a light and dark theme. We’re also hoping to expand our video offerings, and I’ll continue offering the Patch Report on Patch Tuesdays and hope to tweak the format a bit in the coming year.

As always, we look forward to refining our outreach and acquisition efforts by further aligning with the risks our customers are facing to ensure the bugs we squash have the biggest impact on our customers and the broader ecosystem. In other words, 2025 is shaping up to be another exciting year with impactful research, great contests, and real information you can use. We hope you come along for the ride. Until then, be well, stay tuned to this blog, subscribe to our YouTube channel, and follow us on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.

Welcome to the third and final day of Pwn2Own Automotive 2025. Over the past two days, we have awarded $718,250 for 39 unique 0-days. Sina Kheirkhah has a commanding lead for Master of Pwn, but anything can happen. Here’s a look at today’s results…

SUCCESS - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) used a single bug to exploit the ChargePoint EV charger. He earns himself another $25,000 and 5 Master of Pwn points.

SUCCESS - The Synacktiv (@Synacktiv) team used a single integer overflow to exploit the Sony IVI. Their work earns them another $10,000 and 2 Master of Pwn points.

SUCCESS - The Synacktiv (@Synacktiv) team used a single buffer overflow to exploit the Autel MaxiCharger. They were also able to demonstrate signals being transmitted via the Charging Connector for the add on. This work earns them $35,000 and 6 Master of Pwn points.

SUCCESS/COLLISION - Bongeun Koo (@kiddo_pwn) of STEALIEN used three bugs to exploit the Ubiquiti charger, but two were already known. He still wins $26,750 and 4.5 Master of Pwn points.

SUCCESS - Thanh Do (@nyanctl) of Team Confused was able to confuse the Alpine iLX-507 with a single stack buffer overflow. The unique bug earns him $10,000 and 2 Master of Pwn points.

SUCCESS - The PHP Hooligans again show their expertise by using a single OS command injection bug to exploit the Kenwood DMX958XR. Their final attempt of the contest earns them another $10,000 and 2 Master of Pwn points.

SUCCESS/COLLISION - Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of fuzzware.io used a two bug chain - including an uninitialized variable - to exploit the WOLFBOX EV charger. However, one of these bugs was previously known. The earn $18,750 and 2 Master of Pwn points.

COLLISION - Rob Blakely and Andres Campuzano of the Technical Debt Collectors successfully exploited the Tesla Wall Connector, but they used a previously known bug. They still earn $12,500 and 2.5 Master of Pwn points.

SUCCESS - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) used a command injection bug for his last exploit of the contest. He was able to pop the Alpine iLX-507 and earn himself another $10,000 and 2 more Master of Pwn points.

SUCCESS - The final attempt of the contest was the Pwn2Own debut of Evan Grant (@stargravy). He successfuly used an OS command injection bug to exploit the Kenwood DMX958XR. His unique approach earns him $10,000 and 2 Master of Pwn points.

And that’s a wrap! Pwn2Own Automotive 2025 is complete. In total, we awarded $886,250 for 49 0-days over the three day competition. With 30.5 points and $222,250 awarded, Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) is our Master of Pwn. Here’s the top five standings:

Thanks to all of the researchers and vendors who attended. Without their hard work and dedication, none of this would be possible. Thanks also to our partners at VicOne and our sponsor Tesla. Their partnership has been invaluable. Stay tuned for upcoming announcements about future Pwn2Own competitions. We have a lot in store. See you then!

Welcome to the second day of Pwn2Own Automotive 2025. Yesterday, we awarded more than $380,000 for 16 unique 0-days - and we had several bug collisions as well. Today looks to be even better, with the WOLFBOX and Tesla EV chargers making their Pwn2Own debut. Here’s how the Master of Pwn standings look at the beginning of Day Two:

We’ll see how they look at the end of the day. Here are the Day Two results, which we will be updating throughout the competition.

SUCCESS - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) combined a couple of bugs to exploit the WOLFBOX charger and introduce it to the world of Pwn2Own. His efforts earn him $50,000 and 5 Master of Pwn points.

SUCCESS - The Tesla Wall Connector has been christened by the PHP Hooligans. They used a Numeric Range Comparison Without Minimum Check bug (CWE-839) to take over the machine and crash it. They earn $50,000 and 5 Master of Pwn points.

SUCCESS/COLLISION - The team of @vudq16, @tacbliw, and @_q5ca from Viettel Cyber Security (@vcslab) used a command injection combined with a known bug to exploit the ChargePoint HomeFlex. They earn $18,750 and 3.75 Master of Pwn points.

SUCCESS - We were definitely thrilled to see Cong Thanh (@ExLuck99) and Nam Dung (@greengrass19000) of ANHTUD use a command injection bug to exploit the Alpine iLX-507 and leave us a special message. Their round 2 win earns them $10,000 and 2 Master of Pwn points.

COLLISION - The ZIEN, Inc. (@zien_security) of HANRYEOL PARK (@hanR0724), HYOJIN LEE (@meixploit), HYEOKJONG YUN (@dig06161), HYEONJUN LEE (@gul9ul), DOWON KWAK (@D0uneo), YOUNGMIN CHO (@ZIEN0621) successfully exploited the Kenwood DMX958XR, but they used a known bug. They still win $5,000 and 5 Master of Pwn points.

SUCCESS - The folks from HT3 Labs (@ht3labs) used a missing authentication bug combined with an OS command injection to exploit the Phoenix Contact CHARX. Their 2nd round win nets them $25,000 and 5 Master of Pwn points.

COLLISION - Although the team of Radu Motspan (@moradek), Polina Smirnova (@moe_hw) and Mikhail Evdokimov (@konatabrk) from PCAutomotive successfully exploited the Tesla Wall Connector, the bug they used was previously known. The still earn $22,500 and 3.5 Master of Pwn points.

FAILURE - Unfortunately, the team o Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of fuzzware.io could not get their exploit of the ChargePoint HomeFlex working within the time allotted.

SUCCESS/COLLISION - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) combined six different bugs, improper access control and stack-based buffer overflows, to exploit the Autel MaxiCharger. However, one of the bugs he used was previously known. He still earns $23,000 and 4.75 Master of Pwn points.

COLLISION - Although the Pony 74 team successfully exploited the Kenwood DMX958XR, the bug they used was previously known. They still earn $5,000 and 1 Master of Pwn point.

SUCCESS - The GMO Cybersecurity by Ierae, Inc. team combined an improper certificate validation bug to a path traversal to exploit the Alpine iLX-507. Their second round win earns them $10,000 and 2 Master of Pwn points.

SUCCESS/COLLISION - Rafal Goryl of PixiePoint Security used a 2 bug chain to exploit the WOLFBOX Level 2 EV Charger, but one of the bugs was previously known. He earns himself $18,750 and 3.75 Master of Pwn points.

SUCCESS - Radu Motspan (@moradek), Polina Smirnova (@moe_hw) and Mikhail Evdokimov (@konatabrk) of PCAutomotive chained three different bugs (a heap overflow, an authentication bypass, and an improper isolation bug) to exploit the Sony XAV-AX8500 with 0 clicks. Their third round win nets them $10,000 and 2 Master of Pwn points.

SUCCESS - Sina Kheirkhah (@SinSinology) of the Summoning Team (@SummoningTeam) continues his successful run at the contest continues as he uses a command injection bug to exploit the Kenwood DMX958XR. His second round win earns him another $10,000 and 2 Master of Pwn points.

SUCCESS - The team from Synacktiv used a logic bug as a part of their chain to exploit the Tesla Wall Connector via the Charging Connector. Their outstanding (and inventive) research earns them $45,000 and 7 Master of Pwn points.

COLLISION - The CIS Team exploited the Alpine IVI but used a known bug. The ghost of CVE-2024-23924 rears its head as the specter of "shared risk" lingers. The unfixed Alpine bug from last year strikes again. The CIS Team still earns $5,000 and 1 Master of Pwn points.

FAILURE - Unfortunately, the PHP Hooligans could not get their exploit of the WOLFBOX Level 2 EV Charger working within the time allotted.

COLLISION - The Viettel Cyber Security (@vcslab) successfully exploited the Sony XAV-AX8500, but the bug they used was previously know. They earn $5,000 and 1 Master of Pwn point.

FAILURE - Unfortunately, the fuzzware.io could not get their exploit of the EMPORIA EV Charger Level 2 EV Charger working within the time allotted.

COLLISION - In his final attempt of the day, Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) used a two bug chain to exploit the Tesla Wall Connector. However, both were already known by the vendor. This bug collision still earns him $12,500 and 2.5 Master of Pwn points.

FAILURE - Unfortunately, Compass Security (@compasssecurity) could not get their exploit of the Alpine iLX-507 working within the time allotted.

SUCCESS - Our final entry of Day Two saw Juurin Oy, Elias Ikkelä-Koski and Aapo Oksman export the Kenwood DMX958XR with a command injection bug. They earn $10,000 and 2 Master of Pwn points.

That brings our Day Two total to $335,500 and the total for the event to $718,250. The teams demonstrated 23 unique 0-days today, and Sina Kheirkhah has a commanding lead for Master of Pwn. We’ll see what the final day of the contest brings.

Welcome to the first day of Pwn2Own Automotive 2025. We have 18 entries to go through today, and we will be updating the results here as we have them.

SUCCESS - The team from PCAutomotive used a stack-based buffer overflow to gain code execution on the Alpine IVI. They earn $20,000 and two Master of Pwn points.

SUCCESS - The team from Viettel Cyber Security used an OS command injection bug to exploit the Kenwood IVI for code execution. They win $20,000 and 2 Master of Pwn points.

SUCCESS - Cong Thanh (@ExLuck99) and Nam Dung (@greengrass19000) of ANHTUD used an integer overflow to gain code execution on the Sony XAV-AX8500. The earn themselves $20,000 and 2 Master of Pwn points.

SUCCESS/COLLISION - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) used a 3 bug combo to exploit the Phoenix Contact CHARX SEC-3150, but one was publicly known. He still earns $41,750 and 4.25 Master of Pwn points.

SUCCESS/COLLISION - It took a while for us to confirm, but confirm we did! The team from Synacktiv used a stack-based buffer overflow plus a known bug in OCPP to exploit the ChargePoint with signal manipulation through the connector. They earn $47,500 and 4.75 Master of Pwn points.

SUCCESS - The PHP Hooligans used a heap-based buffer overflow to exploit the Autel charger. They earn $50,000 and 5 Master of Pwn points.

SUCCESS - The team from GMO Cybersecurity by Ierae, Inc. used a stack-based buffer overflow to to confirm their second round exploit of the Kenwood IVI. They earn $10,000 and 2 Master of Pwn points.

SUCCESS - The Viettel Cyber Security (@vcslab) team used a stack-based buffer overflow to exploit the Alpine IVI. This second round win earns the $10,000 and 2 Master of Pwn points.

SUCCESS - Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) proves he's never going to give us up or let us down by using a hard-coded cryptographic key bug in the Ubiquiti charger. He earns himself $50,000 and 5 Master of Pwn points - putting him in the early lead.

SUCCESS - It may have take 3 attempts, but it's confirmed! Thanh Do (@nyanctl) of Team Confused used a heap-based buffer overflow to exploit the Sony IVI. His round 2 win nets him $10,000 and 2 Master of Pwn points.

SUCCESS - After accessing an open port via power drill, Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of fuzzware.io leveraged a stack-based buffer overflow on the Autel MaxiCharger. Their second round win nets them $25,000 and 5 Master of Pwn points.

COLLISION - Well that's awkward. SK Shieldus (@EQSTLab) used a OS command injection bug, but it was one demonstrated in last year's contest. Alpine chose not to patch it since "in accordance with ISO21434...the vulnerability is classified as 'Sharing the Risk'." Yikes. The SK Shieldus team earns $5,000 and 1 Master of Pwn point. Check out ZDI-24-846 for details on the original bug report.

FAILURE - Unfortunately, Sina Kheirkhah (@SinSinology) could not get his exploit of the Sony IVI working within the time allotted. He still ends Day One of #Pwn2Own Automotive with $91,750 and 9.25 Master of Pwn points.

SUCCESS - The Synacktiv (@Synacktiv) team used an OS command injection bug to exploit the Kenwood DMX958XR and play a video of the original Doom game. Their second round win earns them $10,000 and 2 Master of Pwn points.

SUCCESS/COLLISION - Rob Blakely and Andres Campuzano of the Technical Debt Collectors used multiple bugs to exploit Automotive Grade Linux, but one of the bugs was previously known. They still earn $33,500 and 3.5 Master of Pwn points in the 1st PwnOwn attempt.

SUCCESS - In our first Pwn2Own After Dark submission, Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of fuzzware.io leveraged an origin validation error bug to exploit the Phoenix Contact CHARX SEC-3150. The round 2 win earns them $25,000 and 5 Master of Pwn points.

FAILURE - Unfortunately, Riccardo Mori of Quarkslab (@quarkslab) could not get his exploit of the Autel MaxiCharger AC Wallbox Commercial working within the time allotted.

COLLISION - Bongeun Koo (@kiddo_pwn) of STEALIEN also used the bug exploited in the Alpine last year. He earns $5,000 and 1 Master of Pwn point - plus lots of style points for the Nyan Cat display.

That wraps up Day 1 of #Pwn2Own Automotive 2025! In total, we awarded $382,750 for 16 unique 0-days. The team of Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of fuzzware.io is current in the lead for Master of Pwn, but Sina Kheirkhah (@SinSinology) is right on their heels. Stay tuned tomorrow for more results and surprises. #P2OAuto

こんにちは and welcome to the second annual Pwn2Own Automotive competition. We are at Automotive World in Tokyo, and we’ve brought together some of the best researchers in the world to test the latest automotive components. We had our random drawing for the order of events earlier today, and from that, we have put together the following schedule. Please note that all times are local to Tokyo and may change at any point.

Jump to:    Day One           Day Two           Day Three

Day One

Wednesday, January 22 – 1100 

Synacktiv (@Synacktiv) targeting the ChargePoint Home Flex in the Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation addon for $60000 and 6 Master of Pwn Points. 

Wednesday, January 22 – 1130 

Viettel Cyber Security (@vcslab) targeting the Kenwood DMX958XR in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Radu Motspan (@_moradek_), Polina Smirnova (@moe_hw) and Mikhail Evdokimov (@konatabrk) of PCAutomotive targeting the Alpine iLX-507 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Wednesday, January 22 – 1200 

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting the Phoenix Contact CHARX SEC-3150 in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Wednesday, January 22 – 1230 

Cong Thanh (@ExLuck99) and Nam Dung (greengrass19000) of ANHTUD targeting the Sony XAV-AX8500 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Wednesday, January 22 – 1300 

PHP Hooligans targeting the Autel MaxiCharger AC Wallbox Commercial in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Wednesday, January 22 – 1330 

GMO Cybersecurity by Ierae, Inc. targeting the Kenwood DMX958XR in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Viettel Cyber Security (@vcslab) targeting the Alpine iLX-507 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points.  

Wednesday, January 22 – 1400  

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting the Ubiquiti Connect EV Station in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Wednesday, January 22 – 1430 

Thanh Do (@nyanctl) of Team Confused targeting the Sony XAV-AX8500 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Wednesday, January 22 – 1500 

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of fuzzware.io targeting the Autel MaxiCharger AC Wallbox Commercial in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Wednesday, January 22 – 1530 

Synacktiv (@Synacktiv) targeting the Kenwood DMX958XR in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

SK Shieldus(@EQSTLab) targeting the Alpine iLX-507 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Wednesday, January 22 – 1600 

Rob Blakely and Andres Campuzano of the Technical Debt Collectors targeting the Automotive Grade Linux in the Operating System category for $40000 and 4 Master of Pwn Points. 

Wednesday, January 22 – 1630 

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting the Sony XAV-AX8500 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Pwn2Own After Dark 

Wednesday, January 22 – 1700 

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of fuzzware.io targeting the Phoenix Contact CHARX SEC-3150 in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Riccardo Mori of Quarkslab (@quarkslab) targeting the Autel MaxiCharger AC Wallbox Commercial in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Wednesday, January 22 – 1730 

Bongeun Koo(@kiddo_pwn) of STEALIEN targeting the Alpine iLX-507 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Back to top

Day Two

Thursday, January 23 – 1100 

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting the WOLFBOX Level 2 EV Charger in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

PHP Hooligans targeting the Tesla Wall Connector in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Viettel Cyber Security (@vcslab) targeting the ChargePoint Home Flex in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Thursday, January 23 – 1200 

The ZIEN, Inc. (@zien_security) [HANRYEOL PARK (@hanR0724), HYOJIN LEE (@meixploit), HYEOKJONG YUN (@dig06161), HYEONJUN LEE (@gul9ul), DOWON KWAK (@D0uneo), YOUNGMIN CHO (@ZIEN0621)] targeting the Kenwood DMX958XR in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Cong Thanh (@ExLuck99) and Nam Dung (greengrass19000) of ANHTUD targeting the Alpine iLX-507 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Thursday, January 23 – 1300 

HT3 Labs (@ht3labs) targeting the Phoenix Contact CHARX SEC-3150 in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Radu Motspan (@_moradek_), Polina Smirnova (@moe_hw) and Mikhail Evdokimov (@konatabrk) of PCAutomotive targeting the Tesla Wall Connector in the Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation addon for $60000 and 6 Master of Pwn Points. 

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting the Autel MaxiCharger AC Wallbox Commercial  in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Thursday, January 23 – 1400 

Pony 74 targeting the Kenwood DMX958XR in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

GMO Cybersecurity by Ierae, Inc. targeting the Alpine iLX-507 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Thursday, January 23 - 1500 

Rafal Goryl of PixiePoint Security targeting the WOLFBOX Level 2 EV Charger in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Radu Motspan (@_moradek_), Polina Smirnova (@moe_hw) and Mikhail Evdokimov (@konatabrk) of PCAutomotive targeting the Sony XAV-AX8500 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of fuzzware.io targeting the ChargePoint Home Flex in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Thursday, January 23 – 1600 

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting the Kenwood DMX958XR in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Synacktiv (@Synacktiv) targeting the Tesla Wall Connector in the Electric Vehicle Chargers category with the Charging Connector Attack addon for $70000 and 7 Master of Pwn Points. 

CIS Team targeting the Alpine iLX-507 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Pwn2Own After Dark 

Thursday, January 23 – 1700  

PHP Hooligans targeting the WOLFBOX Level 2 EV Charger in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Viettel Cyber Security (@vcslab) targeting the Sony XAV-AX8500 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of fuzzware.io targeting the EMPORIA EV Charger Level 2 in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Thursday, January 23 – 1800 

Juurin Oy, Elias Ikkelä-Koski and Aapo Oksman targeting the Kenwood DMX958XR in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting the Tesla Wall Connector in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Compass Security (@compasssecurity) targeting the Alpine iLX-507 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Back to top

Day Three

Friday, January 24 – 1100  

Bongeun Koo(@kiddo_pwn) of STEALIEN targeting the Ubiquiti Connect EV Station in the Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation addon for $60000 and 6 Master of Pwn Points. 

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting the ChargePoint Home Flex in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Friday, January 24 – 1130 

Synacktiv (@Synacktiv) targeting the Sony XAV-AX8500 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Friday, January 24 – 1200 

PHP Hooligans targeting the Kenwood DMX958XR in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Thanh Do (@nyanctl) of Team Confused targeting the Alpine iLX-507 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Friday, January 24 – 1230 

Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of fuzzware.io targeting the WOLFBOX Level 2 EV Charger in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Friday, January 24 – 1300 

Rob Blakely and Andres Campuzano of the Technical Debt Collectors targeting the Tesla Wall Connector in the Electric Vehicle Chargers category for $50000 and 5 Master of Pwn Points. 

Synacktiv (@Synacktiv) targeting the Autel MaxiCharger AC Wallbox Commercial in the Electric Vehicle Chargers category with the Charging Connector Protocol/Signal Manipulation addon for $60000 and 6 Master of Pwn Points. 

Friday, January 24 – 1400 

Evan Grant (@stargravy) targeting the Kenwood DMX958XR in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points. 

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting the Alpine iLX-507 in the In-Vehicle Infotainment (IVI) category for $20000 and 2 Master of Pwn Points.

The Results

We’ll be blogging and tweeting results in real-time throughout the competition. Be sure to keep an eye on the blog for the latest information. We’ll also be posting live results on Twitter, Mastodon, LinkedIn, and Bluesky, so follow us on your favorite social platform for the latest news, and keep an eye on the #P2OAuto hashtag for continuing coverage.

©2025 Trend Micro Incorporated. All rights reserved. PWN2OWN, ZERO DAY INITIATIVE, ZDI, and Trend Micro are trademarks or registered trademarks of Trend Micro Incorporated. All other trademarks and trade names are the property of their respective owners.

For the upcoming Pwn2Own Automotive contest, a total of four in-vehicle infotainment (IVI) head units have been selected as targets. One of these is the single-DIN Pioneer DMH-WT7600NEX. This unit offers a variety of functionality, such as wired and wireless Android Auto and Apple CarPlay, USB media playback, and more.

This blog post aims to detail some of the attack surfaces of the DMH-WT7600NEX unit as well as provide information on how to extract the software running on this unit for further vulnerability research.

Software Extraction

The initial effort to locate a serial console in the hope of easy software extraction bore no fruit. This left only a handful of options:

·      Work with the software update package instead. However, the package was found to be encrypted, making this approach a dead end initially; more on that below.
·      Attempt to desolder the eMMC chip and dump its contents using a programmer. This necessitates reballing and resoldering the eMMC chip, which is risky without proper SMD rework equipment.
·      Attempt to extract eMMC contents in-system. This does not require any SMD rework, but the signal locations must be known, and the system must be powered and held in reset while dumping is in progress.

The researchers chose the last option. Connecting to the eMMC chip could be performed via (thankfully labeled) test points on the board. The missing MMC_CLK signal was probed for using an oscilloscope; here is where it was found after numerous attempts.

In addition to that, the main SoC was held in reset by pulling the test point labelled RSTN to ground via a 220 Ohm resistor and a switch.

Note that when the SoC is held in reset, the 3.3V power line is cycled periodically by some other component, which powers off the eMMC chip. This is likely some watchdog component attempting to bring the system out of a hung state. Finding that component and persuading it not to do that was deemed too time consuming, and the 3.3V power rail was instead powered directly through a bench power supply.

Data at Rest

After the eMMC chip was successfully “backed up,” it was time for Trend ZDI researchers to have a look at the 8 gigabytes of its contents. The image was found to sport a GPT partition table, with the following partitions defined after mounting the image via the loopback interface on a test system:

There are two sets of bootable images, consisting of the header, boot, system, dtb, hirtos, bootloader, chips, and backup partitions. It is likely this is to safeguard against failed software updates, so there is a known good set of bootable images. Let’s have a closer look at what is contained in each partition:

·      The header partition contains what looks like to be a description of other partitions in the set.
·      The bootloader partition contains the bootloader as described, which seems to be a version of fastboot.
·      The boot partition contains the Android/Linux kernel version 3.18.24.
·      The dtb partition contains the DTB blob as described.
·      The system partition contains the root file system.
·      The hirtos partition contains a firmware image with ARM instructions. The exact purpose of this code is not currently known. The image consists of several chunks of code/data; some of it is obvious ARM code while others appear to be bitmap images. The following string was found inside the first chunk: “T-Monitor/triton_TCC897x Version 2.01.00” This suggests the code is to be executed on the main SoC but likely on a separate core.
·      The chips partition contains the firmware for the GNSS daughter board.
·      The backup partition contains some kind of binary data, rather sparsely organized.

Interestingly enough, the system itself appears to be a Linux-based one; none of typical Android infrastructure could be located there. All the custom software is concentrated in /usr/local/ subdirectories.

Software Updates

Obtaining an image of the code running on the device allowed a second look at the software update format. The latest update file can be obtained from the manufacturer; unfortunately, they do not seem to list previous versions. This is justified, as downgrading the software is not officially supported anyway—as the team found out firsthand.

The software update package is structured like this:

·      A header of 0x100 bytes describing the file, specifically the header size and the total size of the image, software version in this update, plus which model the update is for.
·      An RSA signature block of 0x100 bytes, which can be verified by a certain public key hardcoded in the software. The signature covers the described header only.
·      An RSA signature block of 0x100 bytes, which can be decrypted by the same key, and which carries an AES-256 key instead of the digest.
·      Update data, encrypted with AES-256-CBC using the all-zero IV. This decrypts into a gzipped “raw” update image.

The raw update image in turn consists of headers very similar to what can be found in the header partitions followed by a series of images for each partition mentioned in the headers. The image(s) can be processed further to extract the content of interest like the root file system.

Serial Console

Armed with some knowledge of the unit’s software, it was time to revisit the search for the serial console.

By studying the contents of the bootloader partitions, Trend ZDI researchers discovered the bootloader may use values from the backup partitions to decide which values to pass via the `console` and `login` kernel parameters, among other things. Specifically, the sector at byte offset 0x800800 contains that data. The format which this data is in can be reverse engineered both from the bootloader and the NPSystemDebug class implementation. 

Notably, it appears that manipulation of these values could be performed via the UI as the code flow can be traced all the way to the `UI_UIEB_MM_99_018` class which implements two buttons changing the state of the values. However, at the moment of writing it was unknown how to reach that specific UI screen.

Thus, the direct manipulation of the flags was chosen instead. The contents of the backup partition were altered to enable both serial console and the login prompt. After probing the board connectors for any semblance of serial data, it was discovered on CN3603 pin 7.

Connecting a UART-to-USB dongle to that pin confirmed that indeed, console output is present, as well as the login prompt. Only three signals are routed to that connector; however, the RX signal was not immediately identified among those.

Studying the bottom layer of the board showed a single installed passive among several missing ones; this was one resistor pulling up a line otherwise not connected to any connector pin. Probing that line for being the missing RX line resulted in a success. Likely, one of the missing passives should connect that line to a connector pin.

Now it was possible to communicate with the device—and log in locally. Having console access is always a big boon in vulnerability research.

Bluetooth

The vendor lists the following supported Bluetooth profiles:

·      Advanced Audio Distribution Profile (A2DP)
·      Hands-Free Profile
·      Serial Port Profile
·      Audio/Video Remote Control Profile (AVRCP) v1.6

Given the rich history of bugs in Bluetooth-related functionality, this could be an interesting attack vector 

Wi-Fi

The unit can be set up in both the client and access point modes for Wi-Fi.

When in the AP mode, the unit allows using the WPS setup in addition to entering the PSK. This could potentially be an interesting attack angle as WPS flows were historically weak to attacks.

After connecting to the unit in AP mode and running a network scan, the following TCP ports were found to be open: 5000, 38000, 38001, 42000, 43000, and 60000. Nmap script scan only showed that port 5000 uses TLS with a self-signed certificate; other services were not recognized. Using the console access, it is possible to map out the open ports to the corresponding processes (only ports allowed through the iptables are shown here for brevity):

Given the abundance of what looks like non-standard services, Wi-Fi connectivity presents a potenially rewarding target for vulnerability research.

USB

The unit is equipped with a single USB-C port that provides the necessary interface for wired Android Auto and Apple CarPlay. The USB port also supports playback of audio files from a USB flash drive. The supported audio filetypes are 

·      MP3
·      WMA
·      WAV
·      AAC
·      FLAC
·      DSD

The unit also supports video playback with the following formats listed as supported:

·      AVI
·      MPEG
·      DivX
·      MP4
·      3GP
·      MKV
·      FLV
·      WMV/ASF
·      M4V
·      H.263, H.264

In addition, it is also possible to view images in BMP, JPEG, and PNG formats. Parsing complex file formats is error-prone and has been a rich source of exploitable bugs since time immemorial.

Android Auto and Apple CarPlay

Both wired and wireless Android Auto and Apple CarPlay are supported without the need for a third-party application to be installed on the paired mobile phone. When using the wireless versions, the paired phone connects to the aforementioned Wi-Fi network to establish a high-bandwidth channel for data to be sent and received. When connecting using a USB cable, the Wi-Fi network isn't used by Android Auto or Apple CarPlay and can be disabled in Settings. As evidenced above, the `Media` process is likely responsible for handling both.

Pwn2Own Automotive 2024 didn’t see any entries that leveraged Android Auto or Apple CarPlay functionality to compromise a head unit. We will have to wait and see if Pwn2Own Automotive 2025 does!

Summary

We hope that this blog post has provided enough information about the Pioneer DMH-WT7600NEX attack surface to guide vulnerability research. Not every attack surface has been mentioned, and we encourage researchers to investigate further. 

We are looking forward to Automotive Pwn2Own, again to be held in January 2025 at the Automotive World conference in Tokyo. We will see if IVI vendors have improved their product security. Don’t wait until the last minute to ask questions or register! We hope to see you there.

You can find me on Mastodon at @InfoSecDJ, and follow the team on Twitter, Mastodon, LinkedIn, or Bluesky for the latest in exploit techniques and security patches.