- F5 recently suffered a breach that saw attackers steal BIG-IP source code and vulnerability data.
- More than 266,000 BIG-IP devices are exposed online, mainly in the United States, Europe and Asia.
- CISA issued emergency update deadlines to protect federal networks from potential exploitation.
More than 266,000 F5 BIG-IP instances connected to the public Internet could be at risk of attack following the recent breach suffered by the company, experts have warned.
F5 recently reported that a “nation-state-affiliated cyberthreat actor” stole sensitive files, including part of BIG-IP source code and vulnerability information. Using this data, attackers could analyze F5 products, find zero-day vulnerabilities, and develop different exploits and malware.
The company released an emergency patch to fix all known vulnerabilities and emphasized that there was no immediate danger, since critical or remotely exploitable vulnerabilities were not among the stolen files and, so far, there was no evidence of exploitation in the wild.
Attack surface
Today, the Shadowserver Foundation, a nonprofit that monitors malicious activity on the Internet and helps improve global cybersecurity, says there are more than 266,000 exposed F5 BIG-IP instances online that could potentially be targeted.
The majority (around 142,000) are located in the United States, with Europe and Asia holding an additional 100,000.
The nonprofit does not know how many of these instances have been patched to fix these flaws. It’s reasonable to assume that at least some of these have been fixed, so the attack surface is probably a bit smaller than that.
At the same time, the US Cybersecurity and Infrastructure Security Agency (CISA) urged Federal Civilian Executive Branch (FCEB) agencies to catalog and patch F5 products in their technology stack to minimize risks.
In Emergency Directive ED 26-01, CISA said the breach posed an “imminent threat to federal networks” using F5 products because it could result in the compromise of API keys, data exfiltration, and even complete compromise of targeted systems.
For F5OS, BIG-IP TMOS, BIG-IQ, and BNK/CNF products, the patch deadline is October 22, 2025, while for all other F5 products it is October 31.
Via BleepingComputer