On October 15, 2025, F5 reported {that a} nation-state risk actor had gained long-term entry to some F5 programs and exfiltrated information, together with supply code and details about undisclosed product vulnerabilities. This data could allow risk actors to compromise F5 gadgets by growing exploits for these vulnerabilities. The UK Nationwide Cyber Safety Centre additionally notes that compromises may result in credential theft, lateral motion, information exfiltration, and chronic entry.
Impacted programs embrace the BIG-IP product improvement setting and engineering information administration platforms. Recognized {hardware} consists of BIG-IP iSeries, rSeries, and different F5 gadgets which have reached finish of assist. BIG-IP (F5OS), BIG-IP (TMOS), Digital Version (VE), BIG IP Subsequent, BIG- IQ, and BIG-IP Subsequent for Kubernetes (BNK) / Cloud-Native Community Features (CNF) software program can be affected.
As of this publication, there isn’t a proof that F5 buyer networks have been impacted.
Really useful actions
Organizations ought to establish weak F5 cases of their environments and improve as applicable. Moreover, organizations ought to monitor the F5 advisory for up to date data and mitigations.
Sophos actions
Sophos doesn’t depend on F5 merchandise. Counter Risk Unit™ (CTU) researchers are monitoring for exercise indicating exploitation of F5 vulnerabilities.
