Table of Contents
Highlights
- The Cloudflare outage temporarily took down thousands of websites worldwide, disrupting major platforms like ChatGPT, X, Spotify, Canva, and League of Legends.
- The Cloudflare outage was triggered by a permissions change that generated an oversized bot-management feature file, causing widespread 5xx errors across the network.
- Engineers contained the Cloudflare outage quickly by halting file propagation, rolling back the faulty configuration, and restoring regular traffic within hours.
- In response to the Cloudflare outage, the company is deploying stricter configuration validation, new kill switches, and additional safeguards for its proxy engine to prevent similar incidents.
On 18 November 2025, Cloudflare experienced a significant outage that disrupted large parts of the internet. As one of the largest internet infrastructure providers, the company supports millions of websites, applications, and APIs.
When its network failed, the consequences were immediate and widespread. The incident underscored how much global digital services depend on centralized infrastructure, showing that a single internal issue can create cascading disruptions worldwide.
Impact on Global Internet Services
The Cloudflare outage caused service failures across sectors, including technology, entertainment, finance, e-commerce, and public transport. Websites using Cloudflare showed 5xx server errors, CAPTCHA loops, or failed to load completely. Users worldwide reported difficulties logging in to websites or performing basic online tasks.
Cloudflare’s global network serves about one-fifth of all internet properties, so the disruption affected more than just one region or industry. Some websites became very slow, while others went offline completely. Platforms that relied on Cloudflare’s security features could not verify legitimate users. This chain reaction not only halted user activity but also caused delays for businesses that depend on Cloudflare’s DNS, CDN, and bot management tools.
Big Names That Faced Trouble
A notable part of the Cloudflare outage was the long list of high-profile digital platforms affected. Among the most significant was ChatGPT, which faced a Cloudflare outage in several regions, leaving millions unable to access the AI service. X (formerly Twitter) also had issues, with users reporting problems loading timelines and media.
Other well-known platforms, such as Spotify, Canva, League of Legends, Perplexity, and significant financial and productivity services, also went offline. Even government systems were impacted; New Jersey Transit acknowledged that some of its digital services were unavailable during the incident.
The concentration of so many high-traffic services under Cloudflare’s infrastructure showed how a failure in one provider’s system can quickly create widespread issues affecting social networks, streaming services, creative platforms, gaming systems, and public utilities.
Root Cause of the Cloudflare Outage
Cloudflare confirmed soon after resolving the outage that it was not caused by a cyberattack but by an internal issue tied to its Bot Management infrastructure. A change in permissions within its database led to the creation of a “feature file” used to score and filter internet traffic. This file unexpectedly grew in size, exceeding the software’s expected limits.
When this oversized file spread across Cloudflare’s global network, systems began failing and returning internal errors. The damage was severe because it affected critical decision-making layers within Cloudflare’s proxies, resulting in widespread HTTP 5xx errors on the newer FL2 engine, while the older FL engine assigned zero bot scores to traffic.
Other internal tools also failed, like the Cloudflare Dashboard and Workers KV, worsening the Cloudflare outage and making internal recovery efforts harder.
Immediate Solutions Rolled Out by Cloudflare
After engineers identified the oversized feature file as the leading cause, Cloudflare acted quickly to stop its spread. The company reverted to a stable version and halted further propagation of the faulty configurations. Within a few hours—around 14:30 UTC—global traffic had mainly recovered. Some secondary systems took a bit longer, but at 17:06 UTC, all services were thoroughly restored.
To stabilize the situation, Cloudflare implemented temporary workarounds to ease the load on the strained proxy layers, allowing critical functions like Workers KV and Cloudflare Access to continue operating. This rapid response helped most websites get back online while longer-term fixes were developed.
Long-Term Fixes and Infrastructure Hardening
Cloudflare also announced a set of corrective actions to avoid similar incidents in the future. The company pledged to strengthen its configuration intake processes to ensure that internally generated files are validated with the same rigor as externally supplied data. It also shared plans to create additional global kill switches, which will allow engineers to disable failing components before they can spread quickly.
Additionally, Cloudflare began reviewing failure modes in its proxy architecture to ensure that debugging outputs, core dumps, or internal errors do not overwhelm system resources and cause further failures.
Conclusion
The 18 November 2025 Cloudflare outage serves as a potent reminder of the fragility and interconnectedness of today’s internet. From AI chatbots to social networks, gaming, streaming, financial systems, and transport services, the disruption revealed both the scope of Cloudflare’s influence and the risks associated with relying on centralized infrastructure.
While Cloudflare responded quickly and committed to significant long-term improvements, the incident will likely spark discussions among businesses and policymakers about resilience, redundancy, and the future reliability of internet infrastructure.
