Major F5 Security Breach and Its Repercussions

F5 Inc. experienced a significant security breach by a sophisticated nation-state actor, leading to the theft of parts of the source code for BIG-IP products, as well as sensitive information about undisclosed vulnerabilities.

Experts have warned that over 266,000 F5 BIG-IP devices connected to the public internet could be vulnerable to cyberattacks as a result of this breach. The majority of these at-risk devices are located in the United States, followed by Europe and Asia.

Some sources indicated that the attackers maintained access to F5's network for at least 12 months before the breach was discovered.

F5's Response and Security Assurances

F5 has released emergency updates to fix all known vulnerabilities, asserting that there is no imminent threat, as critical or remotely exploitable vulnerabilities were not among the stolen files.

No evidence has been found of these vulnerabilities being exploited in the wild so far, suggesting that the threat might be contained.

CISA Warnings and Update Deadlines

In this context, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged federal executive agencies to inventory and update F5 products within their technical infrastructure to mitigate risks.

A CISA emergency directive (ED 26-01) declared the breach an "imminent threat to federal networks" utilizing F5 products, as it could lead to API key compromise, data exfiltration, and even full compromise of targeted systems.

Deadlines have been set for updating affected products: For F5OS, BIG-IP TMOS, BIG-IQ, and BNK/CNF products, the update deadline is October 22, 2025. For all other F5 products, the deadline is October 31.