Cloudflare outage on December 5, 2025

On December 5, 2025, Cloudflare experienced a significant network failure affecting approximately 28% of its HTTP traffic due to a change in body parsing logic intended to mitigate a vulnerability in React Server Components. The incident lasted around 25 minutes and was not the result of a cyber attack but rather an internal error caused by a combination of circumstances, including the propagation of changes to Cloudflare's Web Application Firewall (WAF) and issues with the FL1 proxy's handling of a specific "execute" action in its ruleset. The error was linked to a Lua exception resulting from a longstanding bug in the code, which did not manifest in the newer FL2 proxy written in Rust. Efforts are underway to improve Cloudflare's deployment processes, including enhanced rollouts, streamlined critical operations, and "fail-open" error handling, to prevent similar incidents. The company acknowledged the impact on customers and is taking steps to ensure better mitigation and rollback systems are in place, with a commitment to publishing a detailed breakdown of ongoing resiliency projects.