Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Cloudflare fixes second outage in a month | Computer Weekly

By Computer Weekly by By Computer Weekly
December 5, 2025
Home Uncategorized
Share on FacebookShare on Twitter


Cloudflare has successfully recovered its services after a second outage in the space of three weeks briefly took down Cloudflare Dashboard and related APIs, knocking out multiple online services.

The issues surfaced shortly after 9am GMT (4am EST) and left users unable to access sites such as Canva, Coinbase, LinkedIn, SubStack, X, Zoom, and once again, the DownDetector service relied on by many to monitor web outages.

At the time of writing, the issue was fully resolved and Cloudflare’s status page reported normal operations across its global network.

A spokesperson told Computer Weekly that a change to how Cloudflare’s web application firewall parses requests impacted the availability of its network for about 25 minutes.

“This was not an attack – the change was deployed by our team to help mitigate the industry-wide vulnerability disclosed this week in React Server Components,” they said.

The flaw in question was tracked as CVE-2025-55182 – although a duplicate identifier, CVE-2025-66478 has also been assigned to it. Referred to by some as React2Shell, it is a critical remote code execution (RCE) vulnerability that affects the React library used to build many web applications.

It affects all React applications that support React Server Components, and notably, according to Rapid7 researchers, server applications may also be vulnerable even if they do not explicitly implement any React Server Function endpoints but do support React Server Components.

Rapid7’s researchers added that many popular frameworks based on React, including Next.js, are affected by the issue.

Successfully exploited, an unauthenticated attacker could gain the ability to execute arbitrary code on an affected server. A weaponised proof-of-concept exploit is believed to have been shared.

“Organisations who use React or the affected downstream frameworks are urged to remediate this vulnerability on an urgent basis, outside of normal patch cycles and before broad exploitation begins,” said Rapid7’s team.

Responding to the Cloudflare outage, Mayur Upadhyaya, CEO of API monitoring and testing service APIContext, said: “When APIs and dashboards at this layer are impacted, the ripple effects are wide-reaching, not because of failure, but because of how much trust we place in these services to function smoothly behind the scenes. 

“This isn’t about blame – all services hiccup. It’s a reminder that resilience isn’t just about uptime – it’s about graceful degradation, clear observability, and understanding dependencies. As complexity grows, continuous testing and real-time signals become key to supporting both providers and customers through high-pressure moments like this.”

Opportunity for threat actors

While the latest hiccup to befall Cloudflare’s services was the result of a change designed to address a security vulnerability and protect its customers, rather than a cyber attack on its services, the incident should still have defenders on alert, said ESET global cyber security advisor Jake Moore.

“We have seen multiple errors like this in recent months which have led to catastrophic downtimes for thousands of websites,” said Moore. “It therefore potentially offers up new opportunities to threat actors wanting to cause mass disruption.”

Cloudflare’s previous outage, which unfolded on Tuesday 18 November 2025, forced the company’s worst period of downtime since 2019, when a change to the web traffic management firm’s bot management system caused a larger-than-expected file feature configuration file to be spread across its network, causing widespread crashes. Such was the scale of this incident that Cloudflare’s response teams initially believed they were dealing with a massive distributed denial of service (DDoS) attack.



Source link

By Computer Weekly

By Computer Weekly

Next Post
IBM Designated as a Critical Third-Party Provider Under EU DORA

IBM Designated as a Critical Third-Party Provider Under EU DORA

Recommended.

Qatar attracts VC fund managers to Doha with its  billion ‘fund of funds’

Qatar attracts VC fund managers to Doha with its $1 billion ‘fund of funds’

February 27, 2025
HCLTech mostrará el futuro de la IA nativa en la industria de las telecomunicaciones en el MWC 2026

HCLTech mostrará el futuro de la IA nativa en la industria de las telecomunicaciones en el MWC 2026

February 27, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
OpenTable Launches All-in-One Marketplace for Private and Group Dining

OpenTable Launches All-in-One Marketplace for Private and Group Dining

September 16, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio