Cloudflare blames today's outage on React2Shell mitigations
Recorded: Dec. 5, 2025, 9:13 p.m.
| Original | Summarized |
Cloudflare blames today's outage on React2Shell mitigations News Featured Critical React, Next.js flaw lets hackers execute code on servers North Korea lures engineers to rent identities in fake IT worker scheme CISA warns of Chinese "BrickStorm" malware attacks on VMware servers Marquis data breach impacts over 74 US banks, credit unions Barts Health NHS discloses data breach after Oracle zero-day hack FBI warns of virtual kidnapping scams using altered social media photos A Practical Guide to Continuous Attack Surface Visibility EU fines X $140 million over deceptive blue checkmarks Tutorials Latest How to access the Dark Web using the Tor Browser How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11 How to use the Windows Registry Editor How to backup and restore the Windows Registry How to start Windows in Safe Mode How to remove a Trojan, Virus, Worm, or other Malware How to show hidden files in Windows 7 How to see hidden files in Windows Webinars Latest Qualys BrowserCheck STOPDecrypter AuroraDecrypter FilesLockerDecrypter AdwCleaner ComboFix RKill Junkware Removal Tool Deals Categories eLearning IT Certification Courses Gear + Gadgets Security VPNs Popular Best VPNs How to change IP address Access the dark web safely Best VPN for YouTube Forums Virus Removal Guides HomeNewsSecurityCloudflare blames today's outage on React2Shell mitigations Cloudflare blames today's outage on React2Shell mitigations By Sergiu Gatlan December 5, 2025 Earlier today, Cloudflare experienced a widespread outage that caused websites and online platforms worldwide to go down, returning a "500 Internal Server Error" message. Break down IAM silos like Bitpanda, KnowBe4, and PathAI Related Articles: Cloudflare Sergiu Gatlan Previous Article Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: Popular Stories ChatGPT is down worldwide, conversations disappeared for users Cloudflare down, websites offline with 500 Internal Server Error Marquis data breach impacts over 74 US banks, credit unions Sponsor Posts Hackers love the holidays! Share FREE Security Awareness Training to keep family & friends cyber-safe! AI is a data-breach time bomb: Read the new report Overdue a password health-check? Audit your Active Directory for free What you’re overlooking to protect your business Empowering IT teams with intelligence driven cyber threat research. Upcoming Webinar Follow us: Main Sections News Community Forums Useful Resources Welcome Guide Company About BleepingComputer Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure Copyright @ 2003 - 2025 Bleeping Computer® LLC - All Rights Reserved Login Username Password Remember Me Sign in anonymously Sign in with Twitter Not a member yet? Register Now Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... |
Cloudflare experienced a significant global outage on December 5, 2025, impacting websites and online platforms worldwide with “500 Internal Server Error” messages. The incident is attributed to emergency mitigations implemented in response to a newly disclosed, maximum-severity security vulnerability dubbed React2Shell, affecting React Server Components (RSC) and related frameworks. Approximately 28% of Cloudflare’s HTTP traffic was impacted by these changes. The vulnerability, tracked as CVE-2025-55182, resides within the “Flight” protocol used in React Server Components and specifically targets React versions 19.0 through 19.2.0 released within the past year. Attackers can leverage this flaw to execute remote code execution in React and Next.js applications by sending specifically crafted HTTP requests to React Server Function endpoints. While the initial scope appeared limited, security researchers with Amazon Web Services (AWS) quickly reported active exploitation by China-linked hacking groups, including Earth Lamia and Jackpot Panda, shortly after the vulnerability's public disclosure. The National Health Service (NHS) England’s National CSOC also confirmed the availability of functional proof-of-concept exploits and predicted widespread exploitation. This event follows a notable previous outage in June 2025, involving Access authentication failures and disruptions to Cloudflare’s Global Network, impacting Google Cloud infrastructure. Cloudflare’s Chief Technology Officer, Dane Knecht, described this incident as the firm’s most significant outage since 2019. The rapid exploitation of React2Shell underscores the urgency of the situation, with the NHS warning of likely continued successful attacks. The discovery highlights the complexities of managing vulnerabilities within server-side rendering technologies and the potential for rapid propagation of risks across interconnected systems. Cloudflare’s response demonstrates the organization's commitment to mitigating emerging threats, but the incident serves as a reminder of the ongoing need for vigilance and proactive security measures within the broader internet ecosystem. |