U.S. cybersecurity company F5 confirmed on Wednesday, October 15, 2025, that it sustained a significant security breach. In a disclosure, the company stated that unidentified threat actors successfully infiltrated its systems, stealing files containing source code for its BIG-IP product line. The stolen data also included information related to undisclosed vulnerabilities within the product.

F5 has attributed the intrusion to a “highly sophisticated nation-state threat actor.” The company’s investigation revealed that the adversary had established and maintained long-term, persistent access to its network, specifically targeting the BIG-IP product development environment. This prolonged access enabled the attackers to exfiltrate sensitive intellectual property, including the core source code that underpins F5’s widely used application delivery and security services.

Official Disclosure and Containment Efforts

According to a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC), F5 first became aware of the breach on August 9, 2025. Following the discovery, the company initiated its incident response protocol to address the intrusion. F5 did not specify the exact duration for which the threat actors had access to its network.

In its public statement, F5 noted, “We have taken extensive actions to contain the threat actor.” The company affirmed that since its response activities began, no new unauthorized activity has been detected and that it believes its containment efforts have proven successful. F5 also emphasized that it has not observed any indication that the stolen vulnerability information has been exploited in attacks against its customers or products.