tapebrief

FFIV · Q4 2025 Earnings

Cautious

F5, Inc.

Reported October 27, 2025

30-second summary

F5 beat its own Q4 guide cleanly — revenue $810M (+8.5% YoY), non-GAAP EPS $4.39 vs. $3.87–3.99 guided — but the print is overwhelmed by an October security incident that compresses FY26 revenue growth to 0–4% from a mid-single-digit underlying trajectory and forces a wider-than-typical Q1 range. Management is explicit that H1 takes the brunt and H2 normalizes, but the FY26 operating margin guide of 33.5–34.5% (vs. FY25 actual 35.2%) acknowledges incident fallout flows through to profitability. The bull case from Q3 — non-refresh systems growth, ADSP consolidation, AI deployments — is intact in the underlying pipeline; the question is how much of FY26's pipeline survives customer remediation cycles.

Headline numbers

- EPS (Q4 FY2025): $4.39
- Revenue (Q4 FY2025): $0.81B, +8.5% YoY
- Gross margin (Q4 FY2025): 82.2%
- Operating margin (Q4 FY2025): 25.4%

Key financials

Q4 FY2025
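| Metric | Q4 FY2025 | YoY | Q3 FY2025 | QoQ |
| --- | --- | --- | --- | --- |
| Revenue | $0.81B | +8.5% | $0.78B | +3.8% |
| EPS | $4.39 | | $4.16 | +5.5% |
| Gross margin | 82.2% | | 81.0% | +120bps |
| Operating margin | 25.4% | | 25.2% | +20bps |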

Guidance

Guidance is issued for both next quarter and the full year. Both may appear below.

Actuals vs prior guidance

| Metric | Period | Prior guide | Actual | Δ | Result |
| --- | --- | --- | --- | --- | --- |
| Revenue | Q4 FY2025 | $780 million to $800 million | $810 million | +$10 million above high end of guide | Beat |
| Non-GAAP EPS | Q4 FY2025 | $3.87 to $3.99 | $4.39 | +$0.40 above high end of guide | Beat |
| Non-GAAP Gross Margin | Q4 FY2025 | 84.0% to 84.5% | 84.3% | in-line with range | Beat |
| Non-GAAP Operating Margin | Q4 FY2025 | at or around 35% | 37.0% | +2.0 points above qualitative guide | Beat |
| Revenue Growth | FY 2025 | approximately 9% at the midpoint | 9.6% | +0.6 points above prior guidance midpoint | Beat |
| Non-GAAP EPS Growth | FY 2025 | 14% to 15% growth | 18.3% growth | +3.3-4.3 points above prior guidance range | Beat |
| Non-GAAP Gross Margin | FY 2025 | 83% to 84% | 81.4% | -1.6 points below low end of guide | Missed |
| Non-GAAP Operating Margin | FY 2025 | at or around 35% | 24.8% | -10.2 points below qualitative guide | Missed |

New guidance

| Metric | Period | Guide | YoY |
| --- | --- | --- | --- |
| Revenue | Q1 FY2026 | $730 million to $780 million | |
| Non-GAAP EPS | Q1 FY2026 | $3.35 to $3.85 | |
| Revenue Growth | FY 2026 | 0% to 4% | |

Product revenue

Q4 FY2025
| Segment | Q4 FY2025 | YoY |
| --- | --- | --- |
| Systems | $0.186B | +42.0% |
| Software | $0.229B | +0.3% |
| Services | $0.396B | +2.0% |
| Systems Revenue Growth | 42.0% | |
| Product Revenue Growth | 16.0% | |

Management tone

Narrative arc: Hardware reacceleration → Non-refresh secular story → Capacity expansion + AI → Security incident damage control.

Three months ago management was leaning into a structural Systems story and naming AI Gateway POCs. This quarter the framing collapses to incident response. Cooper: "These drivers in our current pipeline support mid-single-digit revenue growth in FY26 against our exceptional 10% growth in FY25. However, we also anticipate some near-term disruption to sales cycles as customers focus on assessing and remediating their environments." The mid-single-digit underlying pipeline is the same story Q3 implied — but the headline guide is 0–4% because of remediation drag. This is a rare moment where management hands you the bridge between underlying demand and reported growth, and explicitly attributes the gap to a one-off.

Security investment language has shifted from operational to strategic. Last quarter security was a roadmap feature; this quarter it is an org-chart change. Francois: "Michael Montoya, a recognized cybersecurity expert and former member of our board, has joined F5 as Chief Technology Operations Officer." The hire plus "significant investment this year and beyond" framing signals that security spend is being structurally re-baselined, which is consistent with the operating margin step-down from 35.2% to 33.5–34.5% guided.

The guidance range itself is a tone signal. Cooper, verbatim: "This is a wider range than we would typically guide, reflecting the potential for some near-term disruption to sales cycles." F5 has been a precision-guider — the Q4 range was $20M wide; the Q1 range is $50M wide. Acknowledging reduced visibility is a posture shift management does not make casually.

The incident's framing escalated from "contained issue" to systemic industry vulnerability. Francois: "it is evident that advanced nation state threat actors are targeting technology companies and most recently perimeter security companies." That language reframes the incident from F5-specific to category-wide — useful for customer conversations, but also a tell that management expects the remediation cycle to be long enough that competitive positioning matters.

The counter-narrative — that the underlying business is accelerating, not decelerating — is being placed deliberately. Francois noted "nearly 900 customers were leveraging F5 XOps capabilities, up from just 20 in 2024" and management cited 1,300 Distributed Cloud customers (up from 800), multi-year software agreements +20% YoY, and SaaS customers +57% YoY. The message: when the dust settles, the platform consolidation thesis is intact.

Recurring themes management leaned on this quarter:

- Security incident remediation and customer confidence restoration
- Near-term sales cycle disruption offsetting longer-term demand tailwinds
- AI infrastructure adoption driving systems refresh demand
- Platform consolidation strategy (ADSP) resonating with hybrid multi-cloud trends
- Operating margin resilience despite revenue headwinds
- Elevated security posture as competitive differentiator

Risks management surfaced:

- Near-term impact to business from incident response and customer remediation cycles
- Sales cycle disruption expected to be more pronounced in H1 FY26
- Subscription software decline trend observed in Q4
- Customer preference shift toward hardware-based solutions for certain use cases
- Potential for advanced nation state threat actors targeting technology companies

Q&A highlights

Meta Marshall · Morgan Stanley

What forms of customer conservatism are being accommodated (discounting, purchase delays, incentives)? How much of FY25 systems business growth was driven by product upgrade cycle vs. underlying demand?

Management guided 0-4% growth for FY26 due to near-term security incident impacts expected mostly in H1, driven by: (1) resource allocation disruption at F5 and customers, (2) executive approval delays, (3) potential project cancellations. Systems growth was balanced between tech refresh (~67%) and data center capacity expansion (~33%), with refresh still early in cycle and AI driving new use cases.

- 0-4% growth guidance for FY26 vs. mid-single digit trajectory
- Majority of impact expected in H1 with normalization in H2
- Two-thirds of FY25 systems growth from tech refresh, one-third from data center
- >50% of installed base still on legacy product families eligible for refresh

George Noder · Wolf Research

How was the potential impact from the security breach sized? How many customers were affected by configuration information exfiltration or other specific issues?

Management took a granular approach, profiling revenue by stream and assessing the resilience of recurring vs. project-based revenue. Two categories of BIG-IP customer impact: (1) all BIG-IP customers needed to upgrade (resource mobilization), (2) a small percentage were affected by data exfiltration, with most feedback indicating non-sensitive data. No impact to CRM or support systems. The assessment was balanced against historical peer incidents.

- No evidence of access to F5 Distributed Cloud Services or NGINX environments
- Only BIG-IP customers impacted
- Small percentage of customers affected by data exfiltration
- Most customers report exfiltrated data is not sensitive

Tal Lian · Bank of America

Can systems business grow further from FY25 levels (~$180M quarterly) or will it stabilize? What drives software growth from current renewal levels given FY26 guided growth of 5%?

Systems: FY24 was depressed due to asset sweating; FY25 represents catch-up period with refresh still early in cycle and emerging AI-driven data center capacity expansion creating new growth vector. Software: Growth constrained by FY26 renewal base from FY23 (lower due to macro headwinds 3 years ago), but FY27 expected reacceleration. Multi-year agreements up 20% YoY, SaaS customers up 57% YoY, distributed cloud customers grew to 1,300 from 800.

- FY25 systems $180M/quarter represents catch-up from depressed FY24 baseline of $130-140M
- Multi-year software agreements grew 20% YoY
- SaaS customers grew 57% YoY to base
- Distributed cloud customers: 1,300 current vs. 800 prior year

Simon Leopold · Raymond James

What impact is the government shutdown having on U.S. federal business outlook? What is the software vs. hardware mix within the 0-4% FY26 guidance?

Management has assumed disruption in U.S. federal segment in Q1 due to government shutdown (project/approval delays), with hope for normalization over the year. Not providing software/hardware mix guidance given 12 days since breach announcement; will update as demand normalizes in H2. Clarified that the breach affects both software and hardware editions of BIG-IP equally.

- U.S. federal business disruption assumed in Q1 due to government shutdown
- No software/hardware mix guidance provided for 0-4% FY26 range
- Breach impacts both BIG-IP appliances and virtual editions (software)

Meet Daryani · Evercore ISI

Why is FY26 operating margin the same as Q1 (34%) without back-half leverage? Will the breach dampen ability to implement price increases on hardware given source code compromise?

Q2 is the operating margin low watermark due to payroll tax seasonality and customer event in March; leverage expected in back half. Management not quantifying Q2 opex increase but referenced seasonal trends. On pricing: management stated intent to maintain consistent approach focused on durable customer relationships and demonstrating value through roadmap investments (security enhancements, AI capabilities). Will not change pricing policy.

- Q2 is low watermark for operating margins due to seasonality
- Back-half margin leverage expected from Q2 baseline
- No change to pricing policy or approach intended
- Continued investment in security roadmap and AI capabilities (Calypso AI acquisition this quarter)

Answers to last quarter's watch list

Whether non-refresh hardware growth holds the lead over refresh growth. Management reframed the Q4 Systems composition as roughly two-thirds tech refresh and one-third data center expansion — a shift from Q3's narrative that non-refresh was outpacing refresh. The non-refresh secular thesis is still alive (AI data center capacity is the driver) but is not currently the dominant share.
Status: Continue monitoring

Q4 non-GAAP gross margin landing inside the 84.0–84.5% guide. Q4 non-GAAP gross margin printed at 84.3%, inside the range. The Q1 FY26 guide steps down to 82.5–83.5% on incident-related cost and mix, so the structural margin watch persists.
Status: Resolved positively

FY26 software growth quantification. Management did not break out a standalone FY26 software growth number, but software grew just +0.3% in Q4 (vs. +16% in Q3), and the implied FY26 total of 0–4% suggests software grows in the low-single-digits at best against a tough renewal comp. The Q3 "mid-single digits" qualitative frame was, in retrospect, optimistic.
Status: Resolved negatively

AI Gateway POC-to-revenue conversion. F5 did not disclose AI Gateway ARR or a monetization milestone this quarter — the call shifted attention to the security incident and routine adoption metrics (XOps customers from 20 to nearly 900). The Calypso AI acquisition was named but not sized.
Status: Continue monitoring

Service provider trajectory. The segment was not called out as a discrete drag this quarter; the incident absorbed disclosure bandwidth. No sizing was provided.
Status: Continue monitoring

What to watch into next quarter

Q1 FY26 revenue landing above the $755M midpoint. A print at or below the $730M low end would signal incident disruption is worse than the underlying-vs-reported bridge management drew. A print near the high end would validate the H1-concentrated, H2-normalize narrative.

Whether software growth recovers above +5% YoY. Q4's +0.3% needs to be a renewal-timing artifact, not a structural new-deal collapse. Watch the new-deal portion specifically — management did not size it this quarter.

Q1 non-GAAP operating margin holding above 32%. The FY26 guide is 33.5–34.5% with Q2 as the low watermark; if Q1 prints below the FY range, back-half leverage assumptions get tested immediately.

Number of customers reporting sensitive data exfiltration. Management asserted "most" exfiltrated data is non-sensitive — any escalation in customer-disclosed sensitivity changes the litigation and churn calculus.

Whether multi-year software agreements continue at +20% YoY pace. This was the cleanest leading indicator management cited for platform stickiness; deceleration would suggest the breach is impairing the consolidation thesis.

Federal segment recovery from government shutdown drag. Management assumed Q1 disruption with hope of full-year normalization — federal is a discrete line that will either confirm or deny the H2 recovery framework.

Sources

  1. F5 Q4 FY2025 earnings release, October 27, 2025 — https://www.sec.gov/Archives/edgar/data/1048695/000104869525000153/ex991-q425earningsreleasef.htm
  2. F5 Q4 FY2025 prepared remarks and Q&A (Cooper and Francois commentary on security incident scope, FY26 guidance assumptions, segment dynamics, and operating margin framework)

This is not investment advice.