Bug hunters earned $129,000 for Tesla charger exploits and over $700,000 total in two days at Pwn2Own Automotive 2025.
During Day 2 of Pwn2Own Automotive 2025 organizers awarded $335,500, which brings the event total to $718,250. So far, the researchers have demonstrated 39 unique zero-days.
The team SinSinology leads the Master of Pwn chart.
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) chained two vulnerabilities to exploit the WOLFBOX charger for the first time at the Pwn2Own. The researchers earned $50,000 and 5 Master of Pwn points.
The PHP Hooligans team exploited a Tesla Wall Connector bug to crash and take over it, earning $50,000 and 5 Master of Pwn points.
The team Synacktiv exploited a logic bug as a part of their chain to hack the Tesla Wall Connector via the Charging Connector. The team earned $45,000 and 7 Master of Pwn points.
The white hat hackers from HT3 Labs (@ht3labs) chained a missing authentication bug with an OS command injection issue to exploit the Phoenix Contact CHARX. They earned $25,000 and 5 Master of Pwn points.
The complete list of Day Two results are available here.
Yesterday, Trend Micro’s Zero Day Initiative (ZDI) announced that over $380,000 was awarded on Day 1 of the Pwn2Own Automotive 2025.
In total, the organizers awarded $382,750 for 16 unique working zero-day exploits targeting infotainment systems, electric vehicle (EV) chargers, and automotive operating systems.
No attempts were made to demonstrate vulnerabilities in a Tesla vehicle, despite organizers offered a $500,000 reward for an autopilot exploit.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, Pwn2Own Automotive 2025)
