Tech News
← Back to articles

F5 says hackers stole undisclosed BIG-IP flaws, source code

2025-10-31 | original
read original related products more articles

U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code.

The company states that it first became aware of the breach on August 9, 2025, with its investigations revealing that the attackers had gained long-term access to its system, including the company's BIG-IP product development environment and engineering knowledge management platform.

With this access, the threat actors were able to steal source code, vulnerability information, and some configuration and implementation information for a limited number of customers.

"During the course of its investigation, the Company determined that the threat actor maintained long-term, persistent access to certain F5 systems, including the BIG-IP product development environment and engineering knowledge management platform," reads a Form 8-K filing with the SEC.

"Through this access, certain files were exfiltrated, some of which contained certain portions of the Company's BIG-IP source code and information about undisclosed vulnerabilities that it was working on in BIG-IP."

F5 is a Fortune 500 tech giant specializing in cybersecurity, cloud management, and application delivery networking (ADN) applications. The company has 23,000 customers in 170 countries, and 48 of the Fortune 50 entities use its products.

BIG-IP is the firm's flagship product used in ADN and traffic management by many large enterprises worldwide.

Despite this critical exposure of undisclosed flaws, F5 says there's no evidence that the attackers leveraged the information in actual attacks, such as exploiting the undisclosed flaw against systems. The company also states that it has not seen evidence that the private information has been disclosed.

F5 claims that the threat actors' access to the BIG-IP environment did not compromise its software supply chain or result in any suspicious code modifications.

This includes its platforms that contain customer data, such as its CRM, financial, support case management, or iHealth systems. Furthermore, other products and platforms managed by the company are not compromised, including NGINX, F5 Distributed Cloud Services, or Silverline systems' source code.

... continue reading

Related:
Microsoft Will Finally Kill Obsolete Cipher That Has Wrecked Decades of Havoc
Self-Driving Technology Maker Luminar Files Bankruptcy
Stillness, authenticity, and the hardest work of all
Disney’s OpenAI deal is exclusive for just one year — then it’s open season
Disney’s OpenAI deal is exclusive for just one year — then it’s open season

© 2025 GoKawiil