- F5 recently suffered a breach where attackers stole BIG-IP source code and vulnerability data
- Over 266,000 BIG-IP devices are exposed online, mostly in the US, Europe and Asia
- CISA issued emergency patch deadlines to protect federal networks from potential exploitation
More than 266,000 F5 BIG-IP instances connected to the public internet could be at risk of cyber attack following the recent cyber attack the company suffered, experts have warned.
F5 recently reported that a “nation-state-linked cyber threat actor” had stolen sensitive files including part of the BIG-IP source code and vulnerability information. With this data, the attackers were allegedly able to analyze F5’s products, find zero days, and develop various exploits and malware.
The company pushed an emergency patch to fix all the known vulnerabilities, stressing that there was no immediate danger as critical or remotely exploitable vulnerabilities were not among the stolen files, and so far there has been no evidence of exploitation in the wild.
Attack surface
Now, the Shadowserver Foundation, a nonprofit security organization that monitors the Internet for malicious activity and helps improve global cybersecurity, says there are more than 266,000 F5 BIG-IP instances exposed online that could potentially be a target.
The majority (around 142,000) are located in the USA, with Europe and Asia having another 100,000.
The nonprofit does not know how many of those cases were targeted for those errors. It’s safe to assume that at least some of them were patched, so the attack surface is probably somewhat smaller than this.
At the same time, the US Cybersecurity and Infrastructure Security Agency (CISA) Federal Civilian Executive Branch (FCEB) encouraged agencies to catalog and patch F5 products in their tech stack to minimize risk.
In the ED 26-01 emergency directive, CISA said the breach was an “imminent threat to federal networks” using F5’s products, as it could result in compromise of API keys, data exfiltration and even full compromise of targeted systems.
For F5OS, BIG-IP TMOS, BIG-IQ and BNK/CNF products, the patching deadline is October 22, 2025, while for all other F5 products it is October 31.
Via Bleeping Computer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
