Tesla Gear Gets Hacked Multiple Times in Pwn2Own Contests

Researchers at the this year's Pwn2Own Automotive hacking contest successfully hacked Tesla's wall connector electric vehicle (EV) charger.
The annual contest focuses on hacking automotive technologies during the Automotive World tradeshow in Tokyo. The contest allows researchers to target car operating systems, electric vehicles, chargers, and infotainment systems in vehicles to uncover hidden vulnerabilities and potential threats.
Zero Day Initiative said the PHP Hooligans used a "numeric range comparison without minimum check" zero-day bug to take over the EV charger and crash it. This feat earned them $50,000 in prize money and five Master of Pwn points.
Right behind them was Synacktic, which hacked the Tesla EV charger through the charging connector.
The PHP Hooligans also exploited 23 other zero-day vulnerabilities in WOLFBOX, ChargePoint Home Flex, Autel MaxiCharger, Phoenix Contact CHARX, and EMPORIA EV chargers.
On day two of the contest, Trend Micro's Zero Day Initiative paid out $718,250 in rewards to onsite security researchers who discovered 39 unique zero-days.
Sina Kheirkhah is currently leading the Pwn2Own contest with 24.5 points, followed by Synacktiv in second place, and PHP Hooligans in third.
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives
Free online web security scanner