- F5 recently suffered a breach which saw attackers steal BIG-IP source code and vulnerability data
- Over 266,000 BIG-IP devices are exposed online, mostly in the US, Europe, and Asia
- CISA issued emergency patch deadlines to protect federal networks from potential exploitation
More than 266,000 F5 BIG-IP instances connected to the public internet could be at risk of cyberattacks following the recent breach suffered by the company, experts have warned.
F5 recently reported a “nation-state affiliated cyber threat actor” had stolen sensitive files including a portion of BIG-IP source code, and vulnerability information. With this data, the attackers could reportedly analyze F5’s products, find zero-days, and develop different exploits and malware.
The company pushed an emergency patch to fix all of the known vulnerabilities, and stressed that there was no immediate danger since critical or remotely exploitable vulnerabilities were not among the stolen files, and so far, there’s been no evidence of exploitation in the wild.
Attack surface
Now, Shadowserver Foundation, a security nonprofit that monitors the internet for malicious activity and helps improve global cybersecurity, says that there are more than 266,000 F5 BIG-IP instances exposed online that could potentially be a target.
The majority (around 142,000) are located in the United States, with Europe and Asia holding another 100,000.
The nonprofit does not know how many of these instances were patched against these flaws. It’s safe to assume that at least some of them were patched, so the attack surface is likely somewhat smaller than this.
At the same time, the US Cybersecurity and Infrastructure Security Agency (CISA) urged Federal Civilian Executive Branch (FCEB) agencies to catalog and patch F5 products in their tech stack to minimize the risk.
In the ED 26-01 emergency directive, CISA said the breach was an “imminent threat to federal networks” using F5’s products since it could result in the compromise of API keys, data exfiltration, and even full compromise of targeted systems.
For F5OS, BIG-IP TMOS, BIG-IQ, and BNK/CNF products, the deadline for patching is October 22, 2025, while for all other F5 products, it is October 31.
Via BleepingComputer