Data breach on the BIG-IP platform of technology company F5

On 15 October 2025, network and application security company F5 issued a statement reporting unauthorised access to its systems that resulted in a data breach. According to the statement, on 9 August 2025, a malicious actor ‘linked to a nation-state’ gained persistent access to certain F5 systems and downloaded files from them.

Based on its investigation of the incident, F5 confirmed that the threat actor extracted files from its BIG-IP product development environment and engineering knowledge management platforms. BIG-IP is F5's platform for managing application security and traffic. The extracted files contained BIG-IP source code and information about unpublished vulnerabilities that the company was working to mitigate. Some of the leaked files from the knowledge management platform also contained information about customer application configurations.

Access to these systems could allow a malicious actor to exploit F5 software and devices or search for flaws and vulnerabilities in order to develop specific exploits. This could enable actions such as obtaining credentials and access keys, moving laterally within the network, filtering data, or implementing persistent access to the system.

In response to this incident, F5 has indicated that it is taking cybersecurity measures to protect its systems, hiring companies such as CrowdStrike, Mandiant, and other cybersecurity experts.