Cloudflare Outage Caused by React2Shell Mitigations

The critical React vulnerability has been exploited in the wild by Chinese and other threat actors.

Cloudflare has blamed a Friday outage on mitigations for the critical React vulnerability dubbed React2Shell.

React2Shell, officially tracked as CVE-2025-55182, is an unauthenticated remote code execution vulnerability that came to light on December 3.

Given the React development framework’s popularity, it’s not surprising that Chinese and other threat actors quickly jumped on the opportunity to exploit React2Shell.

Major companies such as Google Cloud, AWS, and Cloudflare immediately responded to the vulnerability. 

Cloudflare informed customers soon after the public disclosure of CVE-2025-55182 that web application firewall (WAF) protections had been rolled out. However, it seems that some of the mitigations implemented by the web performance and security company have led to disruptions.

Cloudflare started investigating issues on December 5 at 08:56 UTC. A fix was rolled out within half an hour, but by that time outages had been reported by several major internet services, including Zoom, LinkedIn, Coinbase, DoorDash, and Canva.  

In a brief incident report after services were restored, the company clarified that “a change made to how Cloudflare’s Web Application Firewall parses requests caused Cloudflare’s network to be unavailable for several minutes this morning”.

“This was not an attack; the change was deployed by our team to help mitigate the industry-wide vulnerability disclosed this week in React Server Components,” Cloudflare added. 

This is the second significant Cloudflare outage in less than a month. An incident that occurred in mid-November impacted major online services and critical organizations for several hours. The company clarified at the time that the incident was not caused by a cyberattack.  


Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO