On 18 November 2025 at 11:20 UTC, Cloudflare's network began experiencing significant failures to deliver core network traffic. This showed up to Internet users trying to access its customers' sites as an error page indicating a failure within Cloudflare's network.
According to researchers Matthew Prince, the issue was not caused, directly or indirectly, by a cyber-attack or malicious activity of any kind. Instead, it was triggered by a change to one of its database systems' permissions which caused the database to output multiple entries into a “feature file” used by their Bot Management system. That feature file, in turn, doubled in size. The larger-than-expected feature file was then propagated to all the machines that make up its network.
Link to full report: IR-25-324-001_CloudFlare.pdf
Comments