Cloudflare fixes second outage in a month | Computer Weekly

"Cloudflare has successfully recovered its services after a second outage in the space of three weeks briefly took down Cloudflare Dashboard and related APIs, knocking out multiple online services. The issues surfaced shortly after 9am GMT (4am EST) and left users unable to access sites such as Canva, Coinbase, LinkedIn, SubStack, X, Zoom, and once again, the DownDetector service relied on by many to monitor web outages."
"A spokesperson told Computer Weekly that a change to how Cloudflare's web application firewall parses requests impacted the availability of its network for about 25 minutes. "This was not an attack - the change was deployed by our team to help mitigate the industry-wide vulnerability disclosed this week in React Server Components," they said. The flaw in question was tracked as CVE-2025-55182 - although a duplicate identifier, CVE-2025-66478 has also been assigned to it. Referred to by some as React2Shell, it is a critical remote code execution (RCE) vulnerability that affects the React library used to build many web applications."
"It affects all React applications that support React Server Components, and notably, according to Rapid7 researchers, server applications may also be vulnerable even if they do not explicitly implement any React Server Function endpoints but do support React Server Components. Rapid7's researchers added that many popular frameworks based on React, including Next.js, are affected by the issue. Successfully exploited, an unauthenticated attacker could gain the ability to execute arbitrary code on an affected server. A weaponised proof-of-concept exploit is believed to have been shared. "Organisations who use React or the affected downstream frameworks are urged to remediate this vulnerability on an urgent basis, outside of normal patch cycles and before broad exploitation begin"
Cloudflare experienced a brief outage that disrupted the Dashboard and related APIs, affecting multiple services including Canva, Coinbase, LinkedIn, SubStack, X, Zoom, and DownDetector. The outage lasted about 25 minutes and resulted from a change to how Cloudflare's web application firewall parses requests. The change was deployed to mitigate a critical React Server Components vulnerability tracked as CVE-2025-55182 (also referenced as CVE-2025-66478) and nicknamed React2Shell. The flaw enables unauthenticated remote code execution and affects React applications and many downstream frameworks such as Next.js. A weaponised proof-of-concept is believed to exist, and organisations are urged to remediate urgently.
Read at ComputerWeekly.com