F5 Networks Breached by State-Sponsored Actor, Source Code for BIG-IP Stolen

Dear all, good afternoon.

F5 Networks disclosed on Wednesday that it was the victim of a cybersecurity breach carried out by a highly sophisticated state-sponsored actor, resulting in the theft of proprietary BIG-IP source code and information regarding previously undisclosed vulnerabilities. The incident, discovered on August 9, 2025, allowed attackers to maintain long-term persistent access to the company’s product development environments and engineering knowledge management platforms.

Also on Wednesday, F5 released security patches for 44 vulnerabilities in its October 2025 Quarterly Security Notification, covering BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients. In parallel, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive ED 26-01, mandating that federal agencies apply security updates by October 22 for critical products and by October 31 for other F5 devices.

The exposure of the source code poses a significant risk because it allows adversaries to identify and exploit vulnerabilities faster and more effectively. Although F5 stated there is no evidence so far of active exploitation of the undisclosed vulnerabilities whose details were stolen, experts warn that the attackers’ insider knowledge substantially lowers the barrier to developing targeted exploits.

In this context, SEK recommends immediate actions for organizations using F5 products:

  • Immediately apply all security updates provided in F5’s October 2025 Quarterly Security Notification, prioritizing internet-exposed devices.
  • Conduct a full inventory of all F5 BIG-IP devices and virtual instances in the corporate environment, identifying versions and exposures.
  • Assess whether management interfaces are directly accessible from the public internet and implement restrictive access controls as recommended by CISA.
  • Immediately rotate credentials for all administrative accounts on F5 devices.

SEK remains available to assist clients in implementing these mitigation measures and strengthening their security posture in response to this emerging threat.
