F5 Confirms Internal Systems Breach, Source Code and Customer Data At Risk
Network infrastructure company F5 has confirmed a significant security breach in which a nation-state actor gained access to its systems. The theft included BIG-IP source code and customer data.

Network infrastructure provider F5 has confirmed a major security incident, designated K000154696, in which a sophisticated nation-state threat actor achieved persistent access to its internal systems. The breach, discovered on August 9, 2025, involved intellectual property related to F5's BIG-IP product line, including portions of its source code.
In addition to source code, the actor exfiltrated internal vulnerability data and a small percentage of customer configuration data. F5 delayed public disclosure until mid-October at the request of the U.S. Department of Justice due to national security considerations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive immediately following the disclosure.
Security experts suggest the combination of stolen source code and internal vulnerability details could significantly accelerate the development of new exploits, potentially enabling zero-day attacks. The UK National Cyber Security Centre (NCSC) cautioned that exploitation could lead to access to embedded credentials, facilitate lateral movement, and establish persistent system access within compromised networks.
F5 has implemented several response measures, including infrastructure hardening, rotating credentials, and enhancing monitoring. The company also released updates for its BIG-IP products to address vulnerabilities. F5 stated there is no evidence of access to customer relationship management, financial, or support systems.