2:00pm, 16 October 2025
TLP Rating:
Security incident affecting F5 and BIG-IP
The NCSC would like to draw your attention to potential exploitation activity targeting F5 BIG-IP products. The NCSC is aware of actors gaining unauthorised access to the F5 network that could enable attempts to exploit vulnerable instances of several F5 BIG-IP products.
What's happening
Systems affected
The following hardware and software may be affected by this activity:
- Hardware: BIG-IP iSeries, rSeries, or any other F5 device that has reached end of support.
- Software: All devices running BIG-IP (F5OS), BIG-IP (TMOS), Virtual Edition (VE), BIG-IP Next, BIG-IQ, and BIG-IP Next for Kubernetes (BNK) / Cloud-Native Network Functions (CNF).
What to look for
How to tell if you're at risk
You are running an F5 BIG-IP product in the list provided (see Systems affected).
What to do
Prevention
Identify all instances of F5 BIG-IP products (listed above) being used.
Harden all BIG-IP physical or virtual devices exposed to the public internet according to Hardening your F5 system, particularly those with a networked management interface exposed.
Apply the latest vendor-provided update for each product. Continue to monitor the vendor website and apply future patches as soon as possible once they are released.
For all public-facing F5 devices that have reached end of support, disconnect and decommission these devices if possible.
More information
The NCSC encourages organisations in New Zealand that use the affected products to review the vendor advisory and apply the remediations as soon as possible.
If mitigation or remediation is not possible, the NCSC recommends taking these devices offline if possible.