Cloudflare down, websites offline with 500 Internal Server Error

News

Featured
Latest

Critical React, Next.js flaw lets hackers execute code on servers

North Korea lures engineers to rent identities in fake IT worker scheme

CISA warns of Chinese "BrickStorm" malware attacks on VMware servers

Marquis data breach impacts over 74 US banks, credit unions

Barts Health NHS discloses data breach after Oracle zero-day hack

FBI warns of virtual kidnapping scams using altered social media photos

A Practical Guide to Continuous Attack Surface Visibility

EU fines X $140 million over deceptive blue checkmarks

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsTechnologyCloudflare down, websites offline with 500 Internal Server Error

Cloudflare down, websites offline with 500 Internal Server Error

By Mayank Parmar

December 5, 2025
04:12 AM
2

Cloudflare is down, as websites are crashing with a 500 Internal Server Error. Cloudflare has confirmed that it's investigating the reports.
Cloudflare, a service that many websites use to stay fast and secure, is currently facing problems.
Because of this, people visiting some websites are seeing a “500 Internal Server Error” message instead of the normal page.

Cloudflare outage takes down DownDetector
A 500 error usually means something went wrong on the server side, not on the user’s device or internet connection.
In an update to its status page, Cloudflare states that it's investigating issues with the Cloudflare Dashboard and related APIs.
"Customers using the Dashboard / Cloudflare APIs are impacted as requests might fail and/or errors may be displayed," the company noted.
Cloudflare says it has implemented a fix, and websites should start coming back online soon.
Cloudflare says React2Shell patch deployment caused the outage
Claudflare has shared more details in another update to its documentation and promised to publish a detailed report soon.
According to the company, it made a change to Cloudflare's Web Application Firewall to patch an industry-wide vulnerability (React2Shell) affecting React Server Components.
The patch caused issues with Cloudflare, which crashed millions of websites, including Cloudflare's own dashboard.
"This was not an attack; the change was deployed by our team to help mitigate the industry-wide vulnerability disclosed this week in React Server Components," the company explained.
Update 1: All websites have been fully restored as of 8 AM ET.

Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Get the guide

Related Articles:
Cloudflare blames today's outage on React2Shell mitigationsCloudflare blames this week's massive outage on database issuesCloudflare hit by outage affecting Global Network servicesMicrosoft Defender portal outage disrupts threat hunting alertsMicrosoft: Exchange Online outage blocks access to Outlook mailboxes

Cloudflare
Outage

Mayank Parmar
Mayank Parmar is an technology entrepreneur who is currently pursuing an MBA. At BleepingComputer, he covers technology news with a strong focus on Microsoft and Windows-related stories. He is always poking under the hood of Windows, looking for the latest secrets to reveal.

Previous Article
Next Article

Comments

bistrobot - 10 hours ago

The main outage seems to be over.

EdAtWork - 7 hours ago

Wow, 2 high-visibility outages in just a few weeks. Not a great track record for CloudFlare.

Post a Comment Community Rules

You need to login in order to post a comment
Not a member yet? Register Now

You may also like:

Popular Stories

ChatGPT is down worldwide, conversations disappeared for users

Marquis data breach impacts over 74 US banks, credit unions

North Korea lures engineers to rent identities in fake IT worker scheme

Sponsor Posts

Hackers love the holidays! Share FREE Security Awareness Training to keep family & friends cyber-safe!

What you’re overlooking to protect your business

AI is a data-breach time bomb: Read the new report

Overdue a password health-check? Audit your Active Directory for free

Empowering IT teams with intelligence driven cyber threat research.

  Upcoming Webinar

Follow us:

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure

Copyright @ 2003 - 2025 Bleeping Computer® LLC - All Rights Reserved

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

Cloudflare, a globally recognized content delivery network (CDN) and DNS provider, experienced a significant outage on December 5, 2025, resulting in widespread website downtime and the appearance of “500 Internal Server Error” messages for numerous users. This disruption, detailed in a BleepingComputer report, was precipitated by a reactive measure taken by Cloudflare to address a vulnerability within its React Server Components infrastructure, specifically a flaw known as React2Shell. The company’s initial communication acknowledged a problem with its Cloudflare Dashboard and related APIs, impacting customers reliant on these services. Subsequently, Cloudflare released an update confirming that the outage stemmed from a patch deployment designed to mitigate the React2Shell vulnerability, disclosed earlier in the week.

The technical root cause lies within the React2Shell vulnerability, which allows unauthorized access to server-side code and potentially sensitive data within Cloudflare's infrastructure. This flaw, as reported, essentially provided a pathway for attackers to execute arbitrary code, posing a substantial security risk. Cloudflare’s decision to deploy a patch to address this vulnerability, while a necessary security response, inadvertently triggered a cascading failure across its services, impacting not only the dashboard but also the websites relying on Cloudflare’s CDN. The scale of the disruption was substantial, affecting millions of websites globally, including those of numerous financial institutions and other critical services.

The timeline of events reveals a rapid sequence of actions and communication. Initially, users reported experiencing 500 internal server errors, a common HTTP status code indicating a problem on the server side rather than the client. Cloudflare's initial status page indicated an investigation was underway regarding issues with its dashboard and associated APIs. Recognizing the severity of the situation and the potential security implications, Cloudflare swiftly implemented a patch to address the React2Shell vulnerability. Following this, the company publicly acknowledged the root cause of the outage, revealing that the patch deployment was the trigger. Within approximately eight hours, Cloudflare confirmed that all websites had been fully restored, indicating a rapid response and remediation effort.

This incident highlights several key vulnerabilities and operational considerations within a large-scale CDN provider. It underscores the inherent risks associated with reactive security patching, where a fix intended to address one vulnerability can inadvertently disrupt other services. A more robust and granular approach to patching, perhaps incorporating comprehensive testing and simulations, could have potentially avoided this widespread disruption. Moreover, the incident emphasizes the importance of clear and timely communication from Cloudflare to its user base, providing regular updates on the status of the restoration efforts.

The situation underscores the interdependencies within the digital ecosystem, where a failure at one level can quickly propagate and cause significant disruption across multiple services. It serves as a potent reminder of the vital need for robust security practices and thorough risk assessment, particularly when implementing critical infrastructure changes like security patches. Furthermore, the rapid response and ultimate resolution of the issue by Cloudflare demonstrates their technical capabilities and commitment to providing reliable services.