Cloudflare Outage Triggered by Emergency Patch for React Vulnerability

Cloudflare experienced a major global outage today, causing widespread "500 Internal Server Error" messages for many websites. The company has attributed the disruption to the emergency deployment of mitigations for a critical remote code execution vulnerability in React Server Components, known as React2Shell (CVE-2025-55182). This flaw allows attackers to execute arbitrary code by sending malicious HTTP requests to vulnerable React-based applications.

The outage was not the result of a cyberattack but occurred when Cloudflare updated its body parsing logic to detect and block exploitation attempts. These changes inadvertently affected approximately 28% of all HTTP traffic served by the company. The React2Shell vulnerability impacts several React frameworks, including Next.js, but is limited to specific versions of React released within the past year.

Despite the limited scope, multiple threat actors, including China-linked groups, have already begun exploiting the vulnerability, and functional proof-of-concept code is publicly available. This incident follows other significant Cloudflare outages in recent months, highlighting the challenges of maintaining global infrastructure while rapidly responding to emerging security threats. The company is now working to stabilize its services and prevent similar issues in the future.
