Cloudflare Outage: React Patch Triggered Second Major Internet Disruption

A significant Cloudflare Outage occurred on December 5, 2025, leading to widespread internet disruptions and impacting roughly 28% of all HTTP traffic. This outage lasted for approximately 25 minutes, beginning at 08:47 UTC and concluding at 09:12 UTC. This marks the second major incident for Cloudflare this month, following a similar Cloudflare Outage on November 18, 2025. Such events highlight the critical web infrastructure Cloudflare provides.

The Incident Unfolds During a Cloudflare Outage

Services went down globally during the Cloudflare Outage. Many websites returned a “500 Internal Server Error.” High-profile sites like LinkedIn, Zoom, Canva, and Shopify were affected. Even Downdetector, a site for reporting outages, went offline. This event highlights Cloudflare’s critical role, as it provides infrastructure for a vast portion of the internet. The company acknowledged the issue swiftly, stating the problem was not a cyberattack but stemmed from an internal change designed to protect customers and address a recent industry-wide vulnerability. The impact of this Cloudflare Outage was significant for many users worldwide.

Root Cause: A Fix Gone Wrong, Causing Cloudflare Outage

The core issue that led to the Cloudflare Outage was a modification to Cloudflare’s body parsing logic. This change was part of an effort to mitigate a critical vulnerability, known as CVE-2025-55182 (or React2Shell), which affects React Server Components. Cloudflare’s Web Application Firewall (WAF) usually buffers request body content to detect malicious payloads. As part of the fix for this vulnerability, Cloudflare began increasing its buffer size to protect users of React and related frameworks like Next.js. However, a “straightforward error in the code” caused the failure. This error had existed undetected for years. The change was deployed using Cloudflare’s global configuration system, which propagates updates rapidly across the entire network. In certain circumstances, this error state resulted in 500 HTTP error codes being served. Customers using the older FL1 proxy with the Cloudflare Managed Ruleset were impacted most by this particular Cloudflare Outage. This situation arose despite scheduled maintenance in some data centers.

Impact on Users and Services During the Outage

The Cloudflare Outage caused considerable disruption. Thousands of websites experienced website downtime. Users reported being unable to access services. For some, this meant a complete inability to load pages; for others, it was intermittent errors. The widespread nature of the failure meant many businesses felt the impact of this internet disruption. Online shopping, communication platforms, and essential services were affected. The incident also affected Cloudflare’s own dashboard and APIs, making it difficult for customers to get status updates initially. The impact was felt across various sectors, including e-commerce, software services, and financial platforms. For example, the Indian stockbroker Groww was also offline. Affected sites like Fortnum & Mason displayed simple error messages, offering little reassurance to Christmas shoppers during the Cloudflare Outage.

A Familiar Pattern: Recalling November’s Outage

This event is not the first major disruption for Cloudflare recently. An incident on November 18, 2025, also caused widespread internet problems. That outage lasted for several hours and was attributed to a configuration file for threat traffic management that grew beyond its expected size, triggering a crash in the system handling traffic. That earlier incident affected major services like ChatGPT and X, and also impacted Cloudflare’s WARP and Access services. The recurrence of such significant outages in close succession, like the recent Cloudflare Outage, raises serious concerns. It underscores the fragility of web infrastructure and questions the resilience of core providers.

Cloudflare’s Response and Future Measures Post-Outage

Cloudflare’s Chief Technology Officer, Dane Knecht, apologized, stating the company had “let the Internet down again.” Cloudflare is taking steps to prevent future occurrences. They plan enhancements to their rollout and versioning systems. Streamlining “break glass” capabilities is also a priority, and replacing hard-fail logic with “fail-open” error handling is underway. They are reviewing their global configuration system, and all network changes are currently locked down. This pause will continue until improved mitigation and rollback systems are in place following the Cloudflare Outage. The company committed to publishing more details soon, with this news featured as a critical update.

Broader Concerns for Internet Reliability Beyond a Single Outage

These recent outages prompt broader discussions, highlighting how dependent the digital world is on a small number of core infrastructure providers. Experts suggest this concentration increases risk; when a major provider fails, the ripple effects of a Cloudflare Outage can span across countries and industries. Professor Feng Li noted the need for multi-region architecture and emphasized strengthening regional isolation. Ensuring critical control planes can fail safely is also vital. The reliability narrative of large providers faces scrutiny, and these events question the safety of relying on a few giants. The recent news underscores this ongoing debate about preventing further network failures.

Conclusion on the Cloudflare Outage

The December 5th Cloudflare Outage was brief but impactful. It was triggered by an effort to secure systems against a new vulnerability. Cloudflare’s quick response and fix were crucial. However, the incident serves as a stark reminder of the interconnectedness of global services and emphasizes the need for robust web infrastructure. The company’s commitment to systemic improvements is key. Customers and users will watch closely, hoping for greater stability following this significant Cloudflare Outage.