Cloudflare experienced a significant network outage on December 5, 2025, affecting approximately 28% of its HTTP traffic. The incident was resolved after about 25 minutes, but it left many customers impacted.
The issue was caused by changes made to Cloudflare’s body parsing logic while attempting to detect and mitigate an industry-wide vulnerability in React Server Components. A subset of customers were affected, primarily those using the older FL1 proxy and the Cloudflare Managed Ruleset. The outage was triggered by a bug in the rules module that resulted in HTTP 500 errors being issued.
Cloudflare’s rulesets system consists of sets of rules evaluated for each request entering the system. A new feature called “execute” was introduced, which triggered evaluation of another ruleset containing test rules. However, this led to an error when the killswitch subsystem applied was not properly handled, causing the bug to manifest.
The incident is a reminder that even minor changes can have significant impacts on Cloudflare’s network. The company has been working to prevent similar incidents in the future, including deploying enhanced rollouts and versioning, streamlined break glass capabilities, and “Fail-Open” error handling. A detailed breakdown of these resiliency projects will be published next week.
Cloudflare has apologized for the impact of the outage on its customers and the internet as a whole.
Source: https://blog.cloudflare.com/5-december-2025-outage