On Tuesday, November 18, 2025, Cloudflare suffered a massive worldwide outage that began around 06:20 a.m. ET / 11:30 GMT. Cloudflare said it began with a "spike in unusual traffic" to one of its services. As a result, "Network" and "multi-region fabric" went offline, and 20–25% of the internet saw HTTP 500, 521, 522, and "Connection Timed Out" errors.
Technical logs cited "CF_EDGE_ROUTING_FAILURE", "Origin-Shield connectivity loss," and "BGP path withdrawals" for key clusters (LCP-LON in London and LCP-FRA in Frankfurt). They also caused DNS resolution timeouts on Cloudflare's 1.1.1.1 service and "Security Audit Lockout" errors.
Reports of downtime were coming from the UK (London, Manchester), Poland (Warsaw), Germany, the Netherlands, Singapore, India, Australia (Sydney), South Africa, and the US (East Coast).
Switch Cloudflare DNS
System administrators were unable to disable proxies. Cloudflare Dashboard and SSO logins are protected by the failing "Turnstile" (CAPTCHA replacement) and Cloudflare Access services.
Attempts to switch DNS were unsuccessful. Major domain registrars Namecheap and Spaceship use Cloudflare for their own frontend/login protection, so users can't change nameservers.
However, some engineers were able to use the API, which remained partially functional while the UI was dead.
A workaround was to programmatically disable the Cloudflare proxy ("proxied":false) for DNS records using curl commands and API tokens. This way, traffic bypassed Cloudflare and went directly to origin servers. The access were restored at the cost of exposing server IPs and losing SSL/DDoS protection.
Some services relying on Cloudflare were able to fall back to alternative infrastructure (like AWS).
Affected Websites and Services
The outage knocked offline X/Twitter (11,500+ outage reports), OpenAI's ChatGPT and Anthropic's Claude (users were stuck in infinite "verify you are human" loops due to Cloudflare challenges failing), Spotify, Grindr, Letterboxd, and the fan fiction site Archive of Our Own (AO3). Google's Gemini remained functional.
Development tools were inaccessible, halting productivity for software engineers. This included outages at Supabase (impacting services), TailwindCSS (CDN failure), Mercury Bank (dashboard and card payments failed), and Replicate (AI platform).
The digital failure disrupted the Velib bike rental app in Paris (leaving stations empty or unresponsive), Garmin services, South African local websites, and affected government websites in Denmark during an active election day.
Even independent third-party monitoring web tools Downdetector and "Down For Everyone Or Just Me" were initially useless as they also rely on Cloudflare's infrastructure to load.
At the same time, users reported that DigitalOcean, Linode, and Hetzner infrastructure remained stable. This time, legacy setups (a Linode VM running for 20 years with minimal dependencies) survived the outage while modern "multi-cloud" setups failed.
Owners of many websites remained online and fully functional throughout the crisis because their architecture ran on bare metal / FreeBSD without reliance on Cloudflare or AWS, serving as an example of the benefits of old-school, decentralized hosting.
Was it a Cyberattack?
It was unlikely to be a cyberattack. Cloudflare services are designed with redundancy to avoid being a single point of failure that attackers could exploit to cause a collapse.
Cloudflare says that root cause of the outage was a "configuration file".
Cloudflare's systems use automation to constantly update their firewall rules and routing tables. When their sensors detect malicious activity (like a botnet or DDoS attack), an automated process creates a configuration file containing "signatures" or IP addresses that need to be blocked or filtered. This time, the configuration file that is automatically generated to manage threat traffic grew beyond an expected size of entries.
The file grew too large - exceeding the limits that the reading software was programmed to handle. When the traffic management software attempted to load or parse this oversized configuration file, it crashed. This likely caused a memory overflow (running out of RAM) or a parser error (the code didn't know how to process the extra data), causing the entire service process to terminate. Since this specific software is responsible for handling traffic, meaning it decides where web requests go and if they are safe, its crash meant that Cloudflare's servers stopped processing requests entirely.
Suspected Causes and Technical Theories
Many developers initially had a "heart attack" because they believed their own recent deployments or config changes had broken their sites.
Technical discussions tried to find the real cause, like "Vibe Coding" (the idea that an increasing reliance on AI-generated code in production is leading to hard-to-debug infrastructure), a potential state-sponsored DDoS attack (supported by Cloudflare disabling WARP VPN access in London during remediation), or a BGP misconfiguration similar to previous incidents.
Disabling WARP (VPN) access in London led to speculation that a potential routing loop or localized attack vector was the root cause, not a simple global misconfiguration.
The outage also coincided suspiciously with scheduled maintenance taking place in Atlanta and Los Angeles, leading to speculation that a maintenance window contributed to the traffic spike or routing failure.
The Centralization Problem
Many recognized again that the modern internet is dangerously centralized. Cloudflare and AWS act as single points of failure that can take down the internet.
However, everybody understands that it's a prisoner's dilemma. Using Cloudflare is mandatory to survive DDoS attacks and bot scraping. Decentralization is hard to achieve for small businesses.
The rise of aggressive resource-intensivу AI scrapers (like ByteSpider from TikTok) makes independent hosting no longer viable without Cloudflare's umbrella to filter this traffic.
Financial Consequences
Cloudflare's stock (NET) value dropped 3.4% after the news.
A single hour of downtime costs mid-sized tech-dependent businesses an average of $300,000 in lost sales and wages.
The outage, which lasted more than 90 minutes, breached Service Level Agreements guaranteeing uptime. This may force Cloudflare to issue refunds to its 300,000+ paying customers, impacting revenue.
The breach of trust could potentially increase Cloudflare's customer churn rate by 2 to 3% in the coming quarter and force the company to increase large investments in multi-cloud redundancy. This could squeeze near-term profits by 5% or more.
About Cloudflare
The company defines its services as "protecting websites, apps, APIs, and AI workloads" and "accelerating performance". Cloudflare has an often invisible role in monitoring web traffic to verify that users are human and defending against malicious distributed denial of service (DDoS) attacks targeted to overwhelm sites with requests.
Cloudflare has a documented history of similar widespread disruptions. A July 2019 incident, a software bug impacted Discord, Shopify, and Coinbase for 30 minutes. A June 2022 outage in 19 data centers lasted about 90 minutes.
The current problems at Cloudflare occurred less than a month after a major outage at Amazon Web Services (AWS), a separate infrastructure giant, which also brought down thousands of sites.
Rate this article
Recommended posts
.jpg)
.png)
.png)
 data center-image(600x250-crop).png)
.png)
.png)
.png)
.png)
.png)
.png)
.PNG)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
Our Clients' Feedback
Belitsoft has been the driving force behind several of our software development projects within the last few years. This company demonstrates high professionalism in their work approach. They have continuously proved to be ready to go the extra mile. We are very happy with Belitsoft, and in a position to strongly recommend them for software development and support as a most reliable and fully transparent partner focused on long term business relationships.
Global Head of Commercial Development L&D at Technicolor
They use their knowledge and skills to program the product, and then completed a series of quality assurance tests. We were working in an agile way with them. Belitsoft performed very well throughout our project. We are definitely looking at Belitsoft as a long-term partner.
Service Delivery Director at Crimson (United Kingdom)
I highly recommend Belitsoft for website design and development. We were up against a tight deadline to launch the project. The work was delivered on time and within budget! I will continue working with Belitsoft as a valued partner for our web development!
Program Administrator at UC Berkeley (United States)
We have worked with Belitsoft team over the past few years on projects involving much customized programming work. They are knowledgeable and are able to complete tasks on schedule, meeting our technical requirements. We would recommend them to anyone who is in need of custom programming work.
Main Partner at Hathway Tech (United States)
Belitsoft company is able to make changes instantly. One of our internal engineers has commented about how clean their code is. Belitsoft seems to know what they're doing, which I appreciate.
Co-Founder at HOWCAST MEDIA (United States)
It was a great pleasure working with Belitsoft software development company. New requirements and adjustments were implemented fast and precisely. We can recommend Belitsoft and are looking forward to start a follow-up project.
Head of Division at Fraunhofer FIT (Germany)
Belitsoft company has been able to provide senior developers with the skills to support back end, native mobile and web applications. We continue today to augment our existing staff with great developers from Belitsoft.
CEO at Apollo Matrix (United States)
Belitsoft company delivered dedicated development team for our products, and technical specialists for our clients' custom development needs. We highly recommend to use this company if you want the same benefits.
Managing Director at Key2Know A/S in 2012 (Denmark)
We approached BelITsoft with a concept, and they were able to convert it into a multi-platform software solution. Their team members are skilled, agile and attached to their work, all of which paid dividends as our software grew in complexity.
COO at Regenerative Medicine LLC (United States)
Having worked with Belitsoft as a service provider, I must say that I'm very pleased with the company's policy. Belitsoft guarantees first-class service through efficient management, great expertise, and a systematic approach to business. I would strongly recommend Belitsoft's services to anyone wanting to get the right IT products in the right place at the right time.
CEO at Moblers
If you are looking for a true partnership Belitsoft company might be the best choice for you. They have proven to be most reliable, polite and professional. The team managed to adapt to changing requirements and to provide me with best solutions. I strongly recommend Belisoft.
Director at ShowCast Limited (Germany)
I expected and demanded a lot of you at Belitsoft company, but you exceeded my expectations. You acted pro-actively, challenged me at the right moments. Thanks!"
CEO at Ticken B.V. (Netherlands)
We have been working for over 10 years and they have become our long-term technology partner. Any software development, programming, or design needs we have had, Belitsoft company has always been able to handle this for us.
Founder from ZensAI (Microsoft)/ formerly Elearningforce