Select your country

Belgium

China

Denmark

France

Germany

Global

Maghreb & West Africa

Netherlands

Norway

South Africa

Sweden

Switzerland

United Kingdom

Not finding what you are looking for, select your country from our regional selector:

Zoeken

  1. Netherlands
  2. Inspiratie
  3. Blog
  4. Threat
  5. Cyberattack op F5

Cyberattack op F5

CERTIntelligence-led SecurityF5
Afbeelding persoon kijkt naar stad

Share

Context bij dit bericht

De recente cyberaanval op F5 trekt wereldwijd veel aandacht. Onze internationale organisatie, Orange Cyberdefense Group, heeft hierover een nieuwsbericht uitgebracht met de belangrijkste informatie en aanbevelingen.

Om snelheid en duidelijkheid te waarborgen, delen wij dit bericht hieronder ongewijzigd.

 

Update 1:

The threat actor that compromised the F5 environment was present for over a year in parts of F5’s environment. F5 is contacting clients whose data was stored on the development environment that was exposed to the threat actor.

Consider prioritize the patching of F5 vulnerabilities with the flowing CVEs:

•             CVE-2025-53868 (CVSS v3.1 8.7, link for our Vulnerability Intelligence customers): A BIG-IP SCP/SFTP command injection enabling bypass of the "Appliance mode" restriction (affecting v15.x-17.x).

•             CVE-2025-61955 and CVE-2025-57780 (both CVSS v3.1 8.8): Privilege escalation flaws in F5's F5OS-A and F5OS-C (appliance and standard modes). An authenticated user could bypass "Appliance mode" restrictions.

F5 released an advisory that can help with deploying CrowdStrike’s Falcon sensor on F5 BIG-IP devices.[WR1] 

 

Original post

In a recent United States Security Exchange Commission filing F5 revealed that it was the victim of a broad and far reaching cyberattack. The incident, disclosed on October 15, 2025, revealed that a sophisticated threat actor gained prolonged access to internal systems, including source code and technical information related to previously undisclosed vulnerabilities.

While F5 reports that customer systems were not directly compromised, the theft did include F5 proprietary source code, technical details of undisclosed vulnerabilities, and client confidential documents.

F5 recommends that clients rotate digital certificates associated with F5 and apply patches per the F5 advisory.

We will update this blog as we gather more insights about the incident.

For a detailed overview of this advisory, you need to have a subscription to our CERT World Watch Portal.

External links:

https://www.sec.gov/Archives/edgar/data/1048695/000104869525000149/ffiv-20251015.htm

https://my.f5.com/manage/s/article/K000157005

https://my.f5.com/manage/s/article/K000156572

https://portal.cert.orangecyberdefense.com/vulns/113413 

https://unit42.paloaltonetworks.com/nation-state-threat-actor-steals-f5-source-code/

https://my.f5.com/manage/s/article/K000156881

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.

Tel: +31 184 78 81 11