![\"F5\"](\"https:\/\/www.europesays.com\/us\/wp-content\/uploads\/2025\/10\/F5.jpg\")
<\/p>\n<\/p>\n
U.S. cybersecurity company F5 disclosed that nation-state\u00a0hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code.<\/p>\n
The company states that it first became aware of the breach\u00a0on August 9, 2025, with its\u00a0investigations revealing that the attackers had gained long-term access to its system, including the company’s BIG-IP product development environment and engineering knowledge management platform.<\/p>\n
F5 is a Fortune 500 tech giant specializing in cybersecurity, cloud management, and application delivery networking (ADN) applications. The company has 23,000 customers in 170 countries, and 48 of the Fortune 50 entities use its products.<\/p>\n
BIG-IP is the firm’s flagship product used for application delivery\u00a0and traffic management by many large enterprises worldwide.<\/p>\n
No supply-chain risk<\/p>\n
It\u2019s unclear how long the hackers maintained access, but the company confirmed that they\u00a0stole source code, vulnerability data, and some\u00a0configuration and implementation details for a limited number of customers.<\/p>\n
“Through this access, certain files were exfiltrated, some of which contained certain portions of the Company’s BIG-IP source code and information about undisclosed vulnerabilities that it was working on in BIG-IP,” the company states<\/a>.<\/p>\n Despite this critical exposure of undisclosed flaws, F5 says there’s no evidence that the attackers leveraged the information in actual attacks, such as exploiting\u00a0the undisclosed flaw against systems. The company also states that it has not seen evidence that the private information has been disclosed.<\/p>\n F5 claims that the threat actors’ access to the BIG-IP environment did not compromise its software supply chain or result in any suspicious code modifications.<\/p>\n This includes its platforms that contain customer data, such as its CRM, financial, support case management, or iHealth systems. Furthermore, other products and platforms managed by the company are not compromised, including NGINX, F5 Distributed Cloud Services, or Silverline systems’ source code.<\/p>\n Response to the breach<\/p>\n After discovering the intrusion, F5 took remediation action by tightening access to its systems, and improving\u00a0its overall threat monitoring, detection, and response capabilities:<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
\n<\/ul>\n Additionally, the company also focuses\u00a0on the security of its products through source code reviews and security assessements\u00a0with support from NCC Group and IOActive.<\/p>\n NCC Group’s assessment covered security reviews<\/a> of critical software components in BIG-IP and portions of the development pipeline in an effort that involved 76 consultants.<\/p>\n IOActive’s expertise was called in after the security breach and the engagement is still in progress<\/a>. The results so far show no evidence of the threat actor introducing vulnerablities in critical F5 software source code or\u00a0the software development build pipeline.<\/p>\n Customers should take action<\/p>\n F5 is still reviewing which customers had their configuration or implementation details stolen and will contact them with guidance.<\/p>\n To help customers secure their F5 environments against risks stemming from the breach, the company released updates for\u00a0\u00a0BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients.<\/p>\n Despite any evidence “of undisclosed critical or remote code execution vulnerabilities,” the company urges customers to prioritize installing the new BIG-IP software updates.\u00a0<\/p>\n Furthermore, F5 support makes available a threat hunting guide for customers to improve detection and monitoring in their environment.<\/p>\n New\u00a0best practices for hardening F5 systems now include automated checks to the\u00a0F5 iHealth Diagnostic Tool<\/a>, which can now\u00a0flag\u00a0security risks, vulnerabilities, prioritize\u00a0actions, and provide remediation guidance.<\/p>\n Another recommendation is to enable\u00a0BIG-IP event streaming to\u00a0SIEM and configure the systems to log to a remote syslog server<\/a> and monitor for login attempts<\/a>.<\/p>\n “Our global support team is available to assist. You can open a MyF5 support case or contact F5 support directly for help updating your BIG-IP software, implementing any of these steps, or to address any questions you may have” – F5<\/a><\/p>\n The company added that it has validated the safety of BIG-IP releases through multiple independent reviews by leading cybersecurity firms, including CrowdStrike and Mandiant.<\/p>\n Additional guidance for F5 customers comes from\u00a0UK’s National Cyber Security Centre (NCSC) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).<\/p>\n Both agencies recommmend\u00a0identifying all F5 products (hardware, software, and virtualized) and making sure that no management interface is exposed on the public web. If an exposed interface is discovered, companies should make compromise assessment.<\/p>\n F5 notes that it delayed the public disclosure of the incident at the U.S. government’s request, presumably to allow enough time to secure critical systems.<\/p>\n “On September 12, 2025, the U.S. Department of Justice determined that a delay in public disclosure was warranted pursuant to Item 1.05(c) of Form 8-K. F5 is now filing this report in a timely manner,” explains F5.<\/p>\n F5 states that the incident has no material impact on its operations. All services remain available and are considered safe, based on the latest available evidence.<\/p>\n BleepingComputer has contacted F5 to request more details about the incident, and we will update this post when we receive a response.<\/p>\n This is a developing story.<\/p>\n\n
![\"Picus](\"https:\/\/www.europesays.com\/us\/wp-content\/uploads\/2025\/10\/bas-summit.jpg\")