F5 BIG-IP source code and vulnerability data leak
Data Leak
Summary
Hide ▲
Show ▼
F5 disclosed that a nation-state threat actor maintained long-term, persistent access to its BIG-IP product development environment and engineering knowledge management platforms, then exfiltrated files containing some BIG-IP source code, undisclosed vulnerability information, and limited customer configuration and implementation details. The company said the exposure was identified on August 9, 2025 and publicly disclosed on October 15, 2025. F5 said it found no evidence of active exploitation, no suspicious code modifications, and no material impact on operations.
Related Happenings
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation Wave
First: 02.04.2026 11:25
Last: 02.04.2026 11:25
Sources 1
About this happening:
As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation WaveAbout this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
F5 BIG-IP APM unauthenticated RCE (CVE-2025-53521)
Vulnerability
First: 30.03.2026 10:07
Last: 30.03.2026 10:07
Sources 1
About this happening:
**CVE-2025-53521** is being **actively exploited** against **F5 BIG-IP APM** deployments, creating **unauthenticated remote code execution** risk for exposed systems. The flaw aff...
F5 BIG-IP APM unauthenticated RCE (CVE-2025-53521)
VulnerabilityAbout this happening: **CVE-2025-53521** is being **actively exploited** against **F5 BIG-IP APM** deployments, creating **unauthenticated remote code execution** risk for exposed systems. The flaw aff...
CISA KEV patch directive for CVE-2025-53521
Advisory/Mitigation
First: 30.03.2026 10:07
Last: 30.03.2026 10:07
Sources 1
About this happening:
CISA added **CVE-2025-53521** to its **KEV catalog** and told **federal agencies** to patch the F5 BIG-IP flaw within **three days**. The directive is urgent because the bug is be...
CISA KEV patch directive for CVE-2025-53521
Advisory/MitigationAbout this happening: CISA added **CVE-2025-53521** to its **KEV catalog** and told **federal agencies** to patch the F5 BIG-IP flaw within **three days**. The directive is urgent because the bug is be...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector Action
First: 17.03.2026 07:23
Last: 17.03.2026 07:23
Sources 1
About this happening:
CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector ActionAbout this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
F5 BIG-IP and related products Quarterly Security Notification (multiple vulnerabilities)
Security Patch Release
First: 16.10.2025 11:39
Last: 16.10.2025 11:39
Sources 1
About this happening:
**F5**'s **Quarterly Security Notification** told customers to apply security updates for **BIG-IP**, **F5OS**, **BIG-IP Next for Kubernetes**, **BIG-IQ** and **APM clients**, mak...
F5 BIG-IP and related products Quarterly Security Notification (multiple vulnerabilities)
Security Patch ReleaseAbout this happening: **F5**'s **Quarterly Security Notification** told customers to apply security updates for **BIG-IP**, **F5OS**, **BIG-IP Next for Kubernetes**, **BIG-IQ** and **APM clients**, mak...
Timeline
-
15.10.2025 16:32 2 articles · 7mo ago
F5 detects unauthorized access to BIG-IP systems
Detection Ioc UpdateF5 first became aware of unauthorized access to its systems on August 9, 2025, and later determined that the threat actor had maintained long-term, persistent access to the BIG-IP product development environment and engineering knowledge management platform, exfiltrating files that included portions of BIG-IP source code, undisclosed vulnerability information, and some configuration and implementation details for a limited number of customers.
Show sources
- F5 says hackers stole undisclosed BIG-IP flaws, source code — www.bleepingcomputer.com — 15.10.2025 16:32
- F5 says hackers stole undisclosed BIG-IP flaws, source code — www.bleepingcomputer.com — 15.10.2025 16:32
-
15.10.2025 16:32 4 articles · 7mo ago
F5 publicly discloses the BIG-IP source code leak
Initial DisclosureF5 publicly disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code, while stating that it had no evidence of exploit use, no evidence that the private information had been disclosed, no suspicious code modifications, and no material impact on operations.
Show sources
- F5 says hackers stole undisclosed BIG-IP flaws, source code — www.bleepingcomputer.com — 15.10.2025 16:32
- F5 says hackers stole undisclosed BIG-IP flaws, source code — www.bleepingcomputer.com — 15.10.2025 16:32
- F5 says hackers stole undisclosed BIG-IP flaws, source code — www.bleepingcomputer.com — 15.10.2025 16:32
- F5 BIG-IP Environment Breached by Nation-State Actor — www.darkreading.com — 15.10.2025 22:08
-
15.10.2025 16:32 2 articles · 7mo ago
F5 detects unauthorized access to BIG-IP systems
Detection Ioc UpdateF5 first became aware of unauthorized access to its systems on August 9, 2025, and later determined that the threat actor had maintained long-term, persistent access to the BIG-IP product development environment and engineering knowledge management platform, exfiltrating files that included portions of BIG-IP source code, undisclosed vulnerability information, and some configuration and implementation details for a limited number of customers.
Show sources
- F5 says hackers stole undisclosed BIG-IP flaws, source code — www.bleepingcomputer.com — 15.10.2025 16:32
- F5 says hackers stole undisclosed BIG-IP flaws, source code — www.bleepingcomputer.com — 15.10.2025 16:32
-
15.10.2025 16:32 1 articles · 7mo ago
DOJ approves delayed disclosure for F5
Legal Policy Action UpdateOn September 12, 2025, the U.S. Department of Justice determined that delayed public disclosure was warranted under Item 1.05(c) of Form 8-K, and F5 said it was filing the report in a timely manner. The action affected when the breach could be publicly disclosed.
Show sources
- F5 says hackers stole undisclosed BIG-IP flaws, source code — www.bleepingcomputer.com — 15.10.2025 16:32
-
15.10.2025 16:32 4 articles · 7mo ago
F5 publicly discloses the BIG-IP source code leak
Initial DisclosureF5 publicly disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code, while stating that it had no evidence of exploit use, no evidence that the private information had been disclosed, no suspicious code modifications, and no material impact on operations.
Show sources
- F5 says hackers stole undisclosed BIG-IP flaws, source code — www.bleepingcomputer.com — 15.10.2025 16:32
- F5 says hackers stole undisclosed BIG-IP flaws, source code — www.bleepingcomputer.com — 15.10.2025 16:32
- F5 says hackers stole undisclosed BIG-IP flaws, source code — www.bleepingcomputer.com — 15.10.2025 16:32
- F5 BIG-IP Environment Breached by Nation-State Actor — www.darkreading.com — 15.10.2025 22:08