Tech News
← Back to articles

F5 says hackers stole undisclosed BIG-IP flaws, source code

2025-10-31 | original
read original related products more articles

U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code.

The company states that it first became aware of the breach on August 9, 2025, with its investigations revealing that the attackers had gained long-term access to its system, including the company's BIG-IP product development environment and engineering knowledge management platform.

F5 is a Fortune 500 tech giant specializing in cybersecurity, cloud management, and application delivery networking (ADN) applications. The company has 23,000 customers in 170 countries, and 48 of the Fortune 50 entities use its products.

BIG-IP is the firm's flagship product used for application delivery and traffic management by many large enterprises worldwide.

No supply-chain risk

It’s unclear how long the hackers maintained access, but the company confirmed that they stole source code, vulnerability data, and some configuration and implementation details for a limited number of customers.

"Through this access, certain files were exfiltrated, some of which contained certain portions of the Company's BIG-IP source code and information about undisclosed vulnerabilities that it was working on in BIG-IP," the company states.

Despite this critical exposure of undisclosed flaws, F5 says there's no evidence that the attackers leveraged the information in actual attacks, such as exploiting the undisclosed flaw against systems. The company also states that it has not seen evidence that the private information has been disclosed.

F5 claims that the threat actors' access to the BIG-IP environment did not compromise its software supply chain or result in any suspicious code modifications.

This includes its platforms that contain customer data, such as its CRM, financial, support case management, or iHealth systems. Furthermore, other products and platforms managed by the company are not compromised, including NGINX, F5 Distributed Cloud Services, or Silverline systems' source code.

... continue reading

Related:
Microsoft Will Finally Kill Obsolete Cipher That Has Wrecked Decades of Havoc
Self-Driving Technology Maker Luminar Files Bankruptcy
Stillness, authenticity, and the hardest work of all
How Cyber Insurance MGAs Shape Policies for Evolving Cyber Risks
Disney’s OpenAI deal is exclusive for just one year — then it’s open season

© 2025 GoKawiil