Hack Attack! F5’s BIG-IP Source Code and Secrets Stolen by Nation-State Hacker

F5 disclosed a long-term cyber compromise by a nation-state actor, targeting its BIG-IP suite. Attackers stole sensitive source code and vulnerability details, potentially paving the way for swift exploitation. With over 600,000 instances exposed online, it’s a cyber thriller where BIG-IP plays a starring role in a high-stakes digital heist.


Hot Take:

F5 has been caught in a tangled web of espionage, as a nation-state threat actor swiped their source code and some juicy vulnerability secrets. It’s a bit like finding out your diary has been leaked, but instead of teenage angst, it’s full of software secrets that could potentially wreak havoc on a global scale. And let’s not forget the 600,000 F5 BIG-IP instances just waiting to be poked and prodded on the internet. Time to batten down the hatches, folks!

Key Points:

– Nation-state threat actor compromised F5’s corporate networks, stealing source code and undisclosed vulnerability details.
– Over 600,000 F5 BIG-IP instances are exposed to the internet, raising concerns about potential exploitation.
– Critical vulnerabilities identified: CVE-2025-53868, CVE-2025-61955, and CVE-2025-57780 with CVSS scores up to 8.8.
– No evidence of data exfiltration from F5’s customer-related systems, but some configuration information was stolen.
– F5 is racing to patch vulnerabilities, with 45 disclosed this quarter compared to just six last quarter.

The Nimble Nerd