Hackers Breach F5 and Stole BIG-IP Source Code and Undisclosed Vulnerability Data

F5 Networks confirmed that a sophisticated nation-state threat actor infiltrated its systems, exfiltrating proprietary BIG-IP source code and confidential vulnerability information.

The incident, which began in August 2025, targeted F5’s product development and engineering knowledge platforms, prompting an immediate response and a suite of mitigation efforts to safeguard customers and restore trust.

Persistent Access Uncovered in Development Environments

According to F5’s published advisory, investigators discovered that the attacker maintained long-term access to the BIG-IP product development environment and the engineering knowledge management system.

Files containing core BIG-IP source code and details about undisclosed vulnerabilities under development were confirmed taken, though F5 reports no evidence of critical remote-code-execution flaws in the stolen data, nor of active exploitation in the wild.

Independent reviews by NCC Group and IOActive corroborated that the software supply chain—including build and release pipelines—remains uncompromised, and there is no sign of tampering ...