F5 representatives reported that the company fell victim to an attack by “state-sponsored” hackers who managed to steal confidential information. The attackers maintained access to certain company systems for an extended period, including those related to the development of the flagship BIG-IP platform (used to deliver applications and manage traffic for large enterprises worldwide).
In the documents filed with the U.S. Securities and Exchange Commission, the cybersecurity company reports that the attackers managed to steal a number of files, including those containing BIG-IP source code and information about previously undisclosed vulnerabilities (privately discovered and not yet fixed). Thus, х itself
At the same time, F5 emphasizes that the company is not aware of any non-public vulnerabilities that are rated critical or would enable remote code execution. It is also noted that F5 has no information indicating active exploitation of these undisclosed bugs.
“We have no evidence of any compromise of our software supply chain, including source code and our build and release pipelines,” the company’s statement reads. “There is also no evidence that the attackers gained access to or modified the NGINX source code or the product development environment, nor is there any evidence of access to or changes in our F5 Distributed Cloud Services or Silverline systems.”
Additionally, the company emphasized that the hackers did not have access to data from the CRM, financial systems, iHealth, or support case management systems. However, some of the stolen files did contain configuration data and information about implementations for a “small percentage” of customers. Affected customers will be notified directly.
It is worth noting that the attack was detected as early as August 9, 2025, but the U.S. Department of Justice allowed F5 to delay the disclosure of information about the incident.
F5 representatives are not disclosing any additional information about the attackers or the technical details of the incident.
After the incident was made public, F5 released patches for 44 vulnerabilities (including those whose details were stolen during the attack) and urged customers to update their systems as soon as possible.
“Updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients are already available. While we are not aware of any undisclosed critical vulnerabilities or bugs that would allow remote code execution, we strongly recommend updating BIG-IP as soon as possible,” the company says.
The company has also prepared recommendations for protection against cyberattacks, which include installing the October updates. F5 advises administrators to enable BIG-IP event streaming to a SIEM, configure remote syslog servers, and monitor login attempts to receive alerts about administrator login attempts, failed authentications, and privilege and configuration changes.