Read the original SEC filing excerpt
Item 1.05 Material Cybersecurity Incidents On August 9, 2025, F5, Inc. (the "Company", "F5", "we", or "our") learned that a highly sophisticated nation-state threat actor had gained unauthorized access to certain Company systems. The Company promptly activated its incident response processes, and has taken extensive actions to contain the threat actor. To support these activities, the Company engaged leading external cybersecurity experts. The Company believes its containment actions have been successful and, since the initiation of its containment efforts, has not observed any evidence of new unauthorized activity. The investigation, monitoring, and related activities are ongoing. The Company is actively engaged with federal law enforcement and government partners in connection with this incident. Additionally, the Company is implementing further measures to strengthen its security environment and protect its customers. During the course of its investigation, the Company determined that the threat actor maintained long-term, persistent access to certain F5 systems, including the BIG-IP product development environment and engineering knowledge management platform. Through this access, certain files were exfiltrated, some of which contained certain portions of the Company's BIG-IP source code and information about undisclosed vulnerabilities that it was working on in BIG-IP. We are not aware of any undisclosed critical or remote code vulnerabilities, and we are not aware of active exploitation of any undisclosed F5 vulnerabilities. We have no evidence of modification to our software supply chain, including our source code and our build and release pipelines. This assessment has been validated through independent reviews by leading cybersecurity research firms. We have no evidence of access to, or exfiltration of, data from our CRM, financial, support case management, or iHealth systems. However, some of the exfiltrated files from our knowledge management platform contained configuration or implementation information for a small percentage of customers. The Company is currently reviewing the contents of these files and will communicate with affected customers directly as appropriate. We have no evidence that the threat actor accessed or modified the NGINX source code or product development environment, nor do we have evidence they accessed or modified our F5 Distributed Cloud Services or Silverline.