Cloudflare Down Today: Global Internet Outage on December 5, 2025 – What Happened, Who Was Hit, and If It’s Fixed Now

Cloudflare went down on December 5, 2025, knocking out up to 20% of websites and causing 500 Internal Server Errors across major apps like Zoom, LinkedIn, X, Spotify, Canva, Shopify and more. Here’s the cause, timeline, and what to do if your site is still impacted.

Key points at a glance

When it happened: The outage began shortly before 09:00 UTC on December 5, 2025, when Cloudflare reported “service issues” affecting its Dashboard and APIs. ^[1]
How long it lasted: Monitoring sites and live blogs estimate roughly 30–40 minutes of widespread disruption, with services gradually recovering after a fix was applied at 09:12 UTC. ^[2]
What users saw: Millions of people were met with “500 Internal Server Error” and other 5xx errors when trying to load Cloudflare‑protected sites. ^[3]
Who was affected: Major platforms including X (Twitter), LinkedIn, Zoom, Spotify, Discord, Canva, Notion, Fortnite, Valorant, ChatGPT, Perplexity, Coinbase, Shopify stores, Deliveroo, JustEat, Downdetector and multiple trading platforms reported issues. ^[4]
Root cause (so far): Cloudflare says the outage was not a cyberattack. A change to its Web Application Firewall (WAF) request parsing, rolled out to mitigate a newly disclosed React Server Components vulnerability, briefly made parts of the network unavailable. ^[5]
Current status: Cloudflare has marked the main “Cloudflare Service Issues” incident as resolved, and reports show most sites back online, though separate issues with Workers scripts and KV are still under investigation. ^[6]

Cloudflare down today: timeline of the December 5 outage

Shortly before 09:00 UTC on December 5, 2025, Cloudflare’s own status page raised a red flag: an incident labeled “Cloudflare Service Issues” noted problems with the Dashboard and Cloudflare APIs, warning that requests might fail or show errors. ^[7]

At almost exactly the same time, monitoring sites like Downdetector and independent uptime tools recorded a steep spike in error reports for Cloudflare and dozens of dependent services. TechRepublic describes it as a “widespread internet outage” that disrupted major websites and services worldwide starting around 09:00 UTC. ^[8]

By then, users around the globe were already seeing:

Pages refusing to load
Login loops on major apps
Screens full of 500 Internal Server Error and other 5xx responses

BleepingComputer reported that Cloudflare had acknowledged the incident and was “investigating issues with the Cloudflare Dashboard and related APIs”, while confirming that a fix was in progress. ^[9]

According to Cloudflare’s own status history and live coverage from outlets such as Tom’s Guide, the critical milestones were: ^[10]

08:56 UTC – Cloudflare starts investigating API and Dashboard issues.
09:09 UTC – The company posts an update that it is still investigating.
09:12 UTC – A fix is rolled out; status is moved to “Monitoring”.
09:19–09:20 UTC – Cloudflare says it is continuing to monitor, then marks the incident resolved.

From the user perspective, though, the practical impact lasted roughly 30–40 minutes, with some sites recovering sooner and others lagging behind as caches, DNS and individual application stacks stabilized. ^[11]

Which websites and apps went down?

Because Cloudflare sits in front of a huge chunk of the modern web – providing DNS, CDN, WAF and performance services – an outage at this layer cascades quickly.

Based on early reporting from The Economic Times, TechRepublic, Red94 and other outlets, plus live user reports, the following categories were hit particularly hard: ^[12]

Social & communication

X (Twitter)
LinkedIn
Discord

Users described empty timelines, timeouts, and failed logins.

Productivity, work tools & AI

Canva and Notion became unavailable for large numbers of users.
AI services including ChatGPT and Perplexity returned errors or failed to respond during the peak of the outage. ^[13]

Video, games & entertainment

Zoom conferences were interrupted mid‑call.
Anime streaming platform Crunchyroll experienced access problems.
Popular games including Fortnite and Valorant showed login failures linked to Cloudflare issues. ^[14]

Finance & trading

Indian trading and investing platforms Zerodha, Groww, Angel One, Upstox and others faced downtime during active market hours, forcing some brokers to redirect orders to backup channels. ^[15]

E‑commerce & online retail

Shopify‑powered stores and dashboards
Marketplaces such as Etsy, Wayfair, Vinted and other retail platforms reported intermittent failures and 500 errors. ^[16]

Media, monitoring & infrastructure

Newsrooms including BBC, Politico, Axios and other outlets saw temporary disruptions. ^[17]
Downdetector itself – the go‑to site for checking whether something is down – also failed, because it too relies on Cloudflare. ^[18]

Combined, these outages meant that for a short window, something like one in five web pages failed to load correctly, according to estimates cited by Tom’s Guide and TechRepublic. ^[19]

Was it a cyberattack? Cloudflare’s explanation

Given the scale, many people immediately suspected a massive DDoS campaign or another coordinated cyberattack. Cloudflare, however, is being very explicit: this was not an attack.

On the official status page, the post‑incident summary for “Cloudflare Service Issues” explains that the outage was triggered by: ^[20]

A change to how the Web Application Firewall parses incoming requests,
Rolled out as part of an emergency mitigation for an industry‑wide security vulnerability in React Server Components disclosed this week.

Cloudflare says the change unintentionally made parts of its network unavailable “for several minutes”, effectively turning what should have been a security hardening step into a global connectivity problem. ^[21]

Cloudflare’s CTO, Dane Knecht, also posted on X, stressing that: ^[22]

The incident was not caused by a hostile actor.
It was tied to adjustments meant to mitigate a React‑related CVE, including disabling some logging and modifying how the WAF processed traffic.
A full, more detailed blog post / post‑mortem is expected later today.

In other words, a defensive change meant to protect customers from a new exploit path in React ended up briefly breaking a large portion of the web.

Why you saw “500 Internal Server Error” and other 5xx errors

Most users didn’t know or care about WAF rules or React vulnerabilities. What they saw was simple: error pages.

Here’s what was happening under the hood:

When Cloudflare’s edge network couldn’t handle or correctly forward a request, it often responded with HTTP 500 (Internal Server Error) or related 5xx status codes. ^[23]
Because Cloudflare sits between users and many origin servers, those errors appeared even if the underlying application or database was fine.
Monitoring services and news outlets repeatedly described today’s problem as a wave of 5xx errors and connectivity failures across Cloudflare‑backed websites. ^[24]

This is also why all Cloudflare‑fronted sites can appear broken at once: the bottleneck isn’t each app individually, it’s the shared layer that routes and inspects their traffic.

Is Cloudflare still down right now?

As of the latest updates on December 5, 2025:

The “Cloudflare Service Issues” incident is marked resolved on the official status page. A fix was applied at 09:12 UTC, and the summary states the network is now stable. ^[25]
Live blogs such as Tom’s Guide report that 500 errors have largely disappeared and that DownDetector graphs for major services have dropped back to normal levels. ^[26]

However, Cloudflare also lists an ongoing incident called “Cloudflare Workers Issues”, noting an increased level of errors and odd behavior (like empty pages) for some customers using Workers scripts and Workers KV. ^[27]

What this means in practice:

For most regular users, websites and apps backed by Cloudflare should now be working normally.
A smaller subset of applications that rely heavily on Workers or specific advanced features may still show intermittent glitches while Cloudflare continues its investigation.

If a particular site is still flaky, it’s likely either:

Still recovering / re‑warming caches and infrastructure after the outage, or
Affected by the separate Workers‑related issue.

Another outage so soon: how December 5 compares to the November 18 meltdown

Today’s outage hits a particularly sensitive nerve because it comes just weeks after Cloudflare’s major November 18, 2025 incident.

In that earlier case, Cloudflare has already published a detailed post‑mortem: ^[28]

A Bot Management feature file was being regenerated every few minutes and pushed globally.
A change to database permissions caused that file to grow far larger than expected.
The oversized file propagated across Cloudflare’s network, overloading services and causing widespread 5xx errorsthat affected many high‑profile customers, including X, ChatGPT and Perplexity.

Analyses of that outage, along with Cloudflare’s own blog, describe how a single misbehaving configuration file effectively took down around 20% of the internet for several hours. ^[29]

Today’s December 5 event is shorter and, so far, less catastrophic, but the pattern is worrying:

Both incidents are connected to rapid responses to emerging threats or configuration changes (bot management in November; React WAF mitigations today). ^[30]
Both show how a mistake in a single, centrally managed control plane can have internet‑scale consequences.

For businesses and regulators, this revival of “single point of failure” concerns is likely to be a major talking point in the days ahead.

What to do if your site is still broken

If you’re responsible for a website or SaaS product and you’re still seeing errors, here’s a practical checklist.

1. Confirm whether it’s Cloudflare or you

Check Cloudflare Status for any remaining incidents affecting your region or products (especially Workers, KV, or specific datacenters). ^[31]
Use external monitoring (or a simple curl from a machine that bypasses Cloudflare) to see if your origin serverresponds correctly without the proxy.

If your origin is fine but Cloudflare‑proxied traffic fails, it’s likely still related to today’s fallout.

2. Review WAF, firewall and security settings

Because today’s outage stems from a WAF parsing change tied to a React vulnerability, be especially careful with: ^[32]

Custom WAF rules that deeply inspect payloads
Recently added managed rulesets
Any emergency rules you turned on yourself as news of the React CVE rolled out

Temporarily disabling a single aggressive rule (after testing) may restore functionality if only part of your app is misbehaving.

3. Check Workers and KV if you use them

Cloudflare has a separate, ongoing incident for Workers issues. If you rely on Workers for routing, A/B tests, auth or edge logic, check: ^[33]

Error logs and dashboards in Cloudflare
Whether static assets load while dynamic pages fail
Whether direct origin access bypasses the problem

In some cases, you may be able to temporarily route around Workers for critical paths.

4. Plan for redundancy going forward

Today’s outage is another reminder that multi‑layer resilience matters:

Consider multi‑CDN setups or at least a tested plan for switching DNS away from a single provider during emergencies.
Keep a “degraded mode” that can bypass certain non‑essential services (e.g., fancy edge routing, some bots filters) when uptime is at risk.
Maintain clear runbooks so your team doesn’t have to improvise under pressure.

FAQ: Cloudflare outage – December 5, 2025

Why was Cloudflare down today?

Cloudflare says a change to its Web Application Firewall request parsing, pushed to address a newly disclosed React Server Components vulnerability, inadvertently made its network unavailable for several minutes, causing widespread 5xx errors. ^[34]

How long did the Cloudflare outage last?

The core incident window ran from around 08:56–09:20 UTC, with a fix deployed at 09:12 UTC and status moving to “resolved” shortly afterward. Monitoring sites and live coverage observed roughly 30–40 minutes of major disruption. ^[35]

Which websites were affected?

Reports highlight problems at Zoom, LinkedIn, X, Discord, Canva, Notion, Spotify, Crunchyroll, Fortnite, Valorant, ChatGPT, Perplexity, Coinbase, Groww, Zerodha, Shopify‑powered stores, Deliveroo, JustEat, Etsy, Wayfair, Vinted and many news outlets. Even Downdetector went down. ^[36]

Is Cloudflare safe to use after this?

There’s no indication of a breach or external attack. The risk here is operational, not that user data was stolen. That said, having two major outages in a few weeks will intensify scrutiny of Cloudflare’s change management and may push some organizations to adopt multi‑vendor strategies. ^[37]

How can I tell if a future problem is Cloudflare’s fault?

Visit Cloudflare Status and services like Downdetector or similar monitoring tools. ^[38]
Test your site directly against the origin (bypassing Cloudflare) to see if it loads from a raw IP or non‑proxied hostname.
Watch for patterns: if many unrelated sites are broken at the same time and all use Cloudflare, it’s probably an issue at the infrastructure layer.