ADVERTISEMENT

Cloudflare says Friday outage caused by critical React security update, not malicious cyberattack

Cloudflare suffered a major service outage early Friday morning, and now reveals the disruption was caused by a faulty update intended to harden systems against the much-publicized, critical React flaw.

HTPP 500 error message

Samuel Boivin/NurPhoto via Getty Images

Stefanie Schappert
Stefanie Schappert Senior Journalist
Dec 6, 2025 3 min read
Key takeaways:

Not a cyberattack

Cloudflare HTTP disruption graph
The graph shows HTTP 500 errors served by Cloudflare's network during the incident timeframe (red line at the bottom), compared to unaffected total Cloudflare traffic (green line at the top). December 5th, 2025. Image by Cloudflare.

What happened?

ADVERTISEMENT
Cloudflare December outage timeline
Image by Cloudflare
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

Promising changes, again

  • Enhanced Rollouts & Versioning - for all configuration data, not just software.
  • Streamline "break glass" capabilities - to ensure safe emergency operations even when multiple systems falter.
  • “Fail-open” error handling - replace hard failures with safety defaults to prevent traffic drops caused by corrupt or out-of-range config files.

ADVERTISEMENT