Table of Contents
Is your website offline because of the latest Cloudflare React2Shell update?
A significant outage impacted the Cloudflare Content Delivery Network (CDN) this morning, December 5, 2025. This disruption triggered immediate availability issues across a wide range of dependent internet services. Users began reporting “500 Internal Server Errors” shortly after 10:00 AM CET.
Scope and Timeline
Data indicates the outage was sharp but short-lived. Disruption reports spiked at approximately 9:53 AM. Major platforms relying on Cloudflare infrastructure, including Zoom and Epic Games, experienced brief connectivity failures. By 10:30 AM, network stability returned, and error reports dropped significantly.
The Root Cause: React2Shell Mitigation
Cloudflare has confirmed the source of the instability. The outage was not a result of a cyberattack. Instead, it stemmed from an internal update to the Cloudflare Web Application Firewall (WAF).
Engineers deployed a specific rule change to mitigate a critical industry-wide threat known as React2Shell. This vulnerability (CVE-2025-55182) affects React Server Components and carries a maximum severity CVSS score of 10.0.
Technical Breakdown
The WAF update aimed to parse and filter requests to block exploits targeting the React vulnerability. However, the new parsing logic inadvertently caused the Cloudflare network to reject legitimate traffic, resulting in widespread availability errors.
Current Status
Cloudflare has resolved the incident. The faulty WAF configuration has been corrected.
Advisor Recommendations
- Verify Connectivity: Ensure your properties are resolving correctly.
- Check WAF Logs: Review your firewall events log to ensure legitimate traffic is passing through.
- Patch React: While Cloudflare provides a shield, you must patch your underlying React and Next.js applications against CVE-2025-55182 immediately to ensure long-term security.