F5 network compromised

AndyC 16 October 2025

On October 15, 2025, F5 reported that a nation-state threat actor had gained long-term access to some F5 systems and exfiltrated data, including source code and information about undisclosed product vulnerabilities.

F5 network compromised

F5 network compromised

On October 15, 2025, F5 reported that a nation-state threat actor had gained long-term access to some F5 systems and exfiltrated data, including source code and information about undisclosed product vulnerabilities. This information may enable threat actors to compromise F5 devices by developing exploits for these vulnerabilities. The UK National Cyber Security Centre also notes that compromises could lead to credential theft, lateral movement, data exfiltration, and persistent access.

Impacted systems include the BIG-IP product development environment and engineering knowledge management platforms. Identified hardware includes BIG-IP iSeries, rSeries, and other F5 devices that have reached end of support. BIG-IP (F5OS), BIG-IP (TMOS), Virtual Edition (VE), BIG IP Next, BIG- IQ, and BIG-IP Next for Kubernetes (BNK) / Cloud-Native Network Functions (CNF) software is also affected.

As of this publication, there is no evidence that F5 customer networks have been impacted.

Recommended actions

Organizations should identify vulnerable F5 instances in their environments and upgrade as appropriate. Additionally, organizations should monitor the F5 advisory for updated information and mitigations.

Sophos actions

Sophos does not rely on F5 products. Counter Threat Unit™ (CTU) researchers are monitoring for activity indicating exploitation of F5 vulnerabilities.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , ,

More Stories

Enhancing security awareness with cyber risk exposure management

Enhancing security awareness with cyber risk exposure management

AndyC 17 December 2025

4.3B LinkedIn-Style Records Found in One of the Largest Data Exposures Ever

AndyC 17 December 2025

Google to Kill Popular Dark Web Report Tool

AndyC 17 December 2025

Coupang CEO Quits After Breach Hits 33.7M South Koreans

AndyC 17 December 2025

Fake ‘Leonardo DiCaprio’ Torrent Spreads Agent Tesla Malware

AndyC 17 December 2025
Cyber Risk Management: Defenders Tell It Like It Is

Cyber Risk Management: Defenders Tell It Like It Is

AndyC 16 December 2025

You may have missed

SonicWall warns of actively exploited flaw in SMA 100 AMC

SonicWall warns of actively exploited flaw in SMA 100 AMC

AndyC 18 December 2025
Why Venture Capital Is Betting Against Traditional SIEMs

Why Venture Capital Is Betting Against Traditional SIEMs

AndyC 18 December 2025
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

AndyC 18 December 2025
Enterprise Spotlight: Setting the 2026 IT agenda

The Hidden Cost of “AI on Every Alert” (And How to Fix It)

AndyC 18 December 2025
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

AndyC 18 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.