The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has issued an urgent advisory following a significant cybersecurity incident involving global technology provider F5. The breach has been described by experts as one of the most serious in recent memory, with national security implications.
F5 confirmed the incident in its October 2025 quarterly security notification, revealing multiple critical vulnerabilities across its product portfolio and an active compromise of its systems. The company stated that a coordinated patch release is now available to help customers secure and maintain supported versions of all F5 environments.
Bob Huber, Chief Security Officer at Tenable, underscored the gravity of the situation, saying: “The F5 incident is as bad as you think. Make no mistake, the breach at F5 is a five-alarm fire for national security. The company reported that a nation-state adversary has stolen the digital blueprints—source code and undisclosed vulnerability data—for F5’s BIG-IP technology.”
F5’s BIG-IP products are widely deployed in enterprise networks, data centres, and cloud environments around the world—including within Australian government and corporate systems—making the breach particularly concerning.
The ACSC advisory confirms that F5’s October 2025 notification outlines multiple newly discovered and previously unresolved issues affecting various platforms, including BIG-IP, BIG-IP Next, F5OS-A/C, and Silverline devices. Impacted software versions range from 15.x to 17.x, as well as Next SPK, CNF, and Kubernetes variants.
To mitigate the risk of exploitation, the ACSC recommends that affected organisations:
- Review F5 article K000154696: F5 Security Incident for recommended actions.
- Review K000156572: Quarterly Security Notification (October 2025) for affected versions and patch levels.
- Review K67091411: Guidance for Quarterly Security Notifications for ongoing management.
- Apply the fixed versions or engineering hotfixes listed in the advisory.
- For systems at end of technical support, upgrade to supported devices.
- Monitor for future updates and subscribe to F5 security advisories.
Australian organisations using F5 technologies are urged to act immediately to assess exposure and apply the necessary patches. Systems not updated remain at high risk of exploitation, particularly given the potential for attackers to weaponise the stolen source code and vulnerability data.
The ACSC advises any organisation that has been impacted or suspects compromise to contact the centre for assistance via 1300 CYBER1 (1300 292 371).
Further details are available via the official alert on Cyber.gov.au under “Multiple high-severity vulnerabilities in F5 products and incident impacting F5.”
