Cloudflare Outage Caused by React2Shell Mitigations

Cloudflare Outage Caused by React2Shell Mitigations

Posted on By CWS

Cloudflare has blamed a Friday outage on mitigations for the vital React vulnerability dubbed React2Shell.

React2Shell, formally tracked as CVE-2025-55182, is an unauthenticated distant code execution vulnerability that got here to gentle on December 3.

Given the React improvement framework’s reputation, it’s not stunning that Chinese language and different risk actors rapidly jumped on the chance to take advantage of React2Shell.

Main corporations comparable to Google Cloud, AWS, and Cloudflare instantly responded to the vulnerability. 

Cloudflare knowledgeable clients quickly after the general public disclosure of CVE-2025-55182 that net software firewall (WAF) protections had been rolled out. Nonetheless, plainly among the mitigations carried out by the online efficiency and safety firm have led to disruptions.

Cloudflare began investigating points on December 5 at 08:56 UTC. A repair was rolled out inside half an hour, however by that point outages had been reported by a number of main web companies, together with Zoom, LinkedIn, Coinbase, DoorDash, and Canva.  

In a short incident report after companies had been restored, the corporate clarified that “a change made to how Cloudflare’s Internet Utility Firewall parses requests induced Cloudflare’s community to be unavailable for a number of minutes this morning”.

“This was not an assault; the change was deployed by our crew to assist mitigate the industry-wide vulnerability disclosed this week in React Server Parts,” Cloudflare added. Commercial. Scroll to proceed studying.

That is the second vital Cloudflare outage in lower than a month. An incident that occurred in mid-November impacted main on-line companies and important organizations for a number of hours. The corporate clarified on the time that the incident was not attributable to a cyberattack.  

Associated: Aisuru Botnet Powers File DDoS Assault Peaking at 29 Tbps

Associated: European Airport Disruptions Attributable to Ransomware Assault

Associated: Two-12 months-Previous Ray AI Framework Flaw Exploited in Ongoing Marketing campaign

Security Week News Tags:, , , ,

Related Posts

Personal Information of 33.7 Million Stolen From Coupang Personal Information of 33.7 Million Stolen From Coupang Security Week News
Patient Data Breach at Oncology Institute Confirmed Patient Data Breach at Oncology Institute Confirmed Security Week News
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact  ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact  Security Week News
FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks Security Week News
EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules Security Week News
New ‘Broadside’ Botnet Poses Risk to Shipping Companies New ‘Broadside’ Botnet Poses Risk to Shipping Companies Security Week News