Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500
2025-1-23 20:48:17 Author: securityaffairs.com

Bug hunters earned $129,000 for Tesla charger exploits and over $700,000 total in two days at Pwn2Own Automotive 2025.

During Day 2 of Pwn2Own Automotive 2025, organizers awarded $335,500, which brings the event total to $718,250. So far, the researchers have demonstrated 39 unique zero-days.

The team SinSinology leads the Master of Pwn chart.

Day 2 of #Pwn2Own Automotive comes to a close. We awarded $335,500, which brings the event total to $718,250. So far, 39 unique 0-days have been disclosed, & we've seen research never before demonstrated. @SinSinology has a commanding lead for Master of Pwn. Stay tuned for Day 3. pic.twitter.com/j6ChhWDBew

— Zero Day Initiative (@thezdi) January 23, 2025

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) chained two vulnerabilities to exploit the WOLFBOX charger for the first time at Pwn2Own. The researcher earned $50,000 and 5 Master of Pwn points.

The PHP Hooligans team exploited a Tesla Wall Connector bug to crash the device and take it over, earning $50,000 and 5 Master of Pwn points.

The team Synacktiv exploited a logic bug as a part of their chain to hack the Tesla Wall Connector via the Charging Connector. The team earned $45,000 and 7 Master of Pwn points.

The white hat hackers from HT3 Labs (@ht3labs) chained a missing authentication bug with an OS command injection issue to exploit the Phoenix Contact CHARX. They earned $25,000 and 5 Master of Pwn points.

The complete list of Day Two results is available here.

Yesterday, Trend Micro’s Zero Day Initiative (ZDI) announced that over $380,000 was awarded on Day 1 of Pwn2Own Automotive 2025.

In total, the organizers awarded $382,750 for 16 unique working zero-day exploits targeting infotainment systems, electric vehicle (EV) chargers, and automotive operating systems. 

No attempts were made to demonstrate vulnerabilities in a Tesla vehicle, despite organizers offering a $500,000 reward for an autopilot exploit.

Pierluigi Paganini

Article source: https://securityaffairs.com/173376/hacking/pwn2own-automotive-2025-day-2.html