WhatsApp 0-Click RCE Exploit Worth $1 Million at Pwn2Own Ireland 2025

Cybersecurity researchers have a massive incentive to target WhatsApp this fall, as the Zero Day Initiative (ZDI) announced a record-breaking $1 million bounty for a zero-click remote code execution exploit against the popular messaging platform at Pwn2Own Ireland 2025.

The unprecedented prize represents the largest single bounty in Pwn2Own history and is made possible through a partnership with Meta, WhatsApp’s parent company, which is co-sponsoring this year’s competition.

The contest will take place from October 21-24, 2025, at ZDI’s offices in Cork, Ireland.

“We introduced this category last year, but no one attempted it. Perhaps a number with two commas will provide the needed motivation,” ZDI officials stated in their announcement.

The million-dollar prize specifically targets zero-click WhatsApp vulnerabilities that lead to code execution, meaning exploits that require no user interaction to compromise a device.

Meta’s significant investment in the bounty program reflects the critical importance ...