Redazione RHC : 16 October 2025 07:28
A serious security incident has been reported by F5, a leading provider of application security and delivery solutions.
A sophisticated nation-state threat actor gained long-term access to internal systems, leading to the exfiltration of sensitive files. The compromised data included source code and information about previously undisclosed vulnerabilities.
According to the company’s official statement, the actor downloaded files containing proprietary source code for its flagship BIG-IP software, which manages load balancing and security for millions of enterprise applications worldwide.
While F5 has stated that no critical exploits or active attacks against its customers have been identified, the breach highlights vulnerabilities inherent in even the most secure development environments. The intrusion, which occurred in August 2025, granted the attackers continuous access to F5’s BIG-IP product development environment and technical knowledge management platforms.
The leaked data also included details of vulnerabilities that F5 was actively investigating and fixing, so-called zero-day bugs. The company, however, clarified that these vulnerabilities were not critical in terms of remote code execution and showed no evidence of real-world exploitation.
F5's investigation, supported by cybersecurity firms CrowdStrike and Mandiant, found no evidence of tampering with the software supply chain, including build pipelines or released code.
Independent reviews by NCC Group and IOActive have essentially confirmed that no changes were made that could introduce backdoors into customer distributions. Critical areas such as the NGINX source code, F5 Distributed Cloud Services, and Silverline’s DDoS safeguards also appear to have been left untouched.
F5 acted quickly to contain the threat, rotating credentials, strengthening access controls, and implementing advanced monitoring tools. Since containment, no further unauthorized activity has occurred.
To protect users, the company has released urgent patches for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients in the October 2025 Quarterly Security Notification. Customers are encouraged to apply these updates immediately, even in the absence of known exploits.