On November 18, 2025, Cloudflare — the CDN powering X, Discord, AWS, Shopify, and millions of sites — suffered a 2-hour 45-minute global outage. The cause? A software bug in a routine update, not a cyberattack. Here’s the full story.


Outage Timeline (UTC)

Time Event Impact
10:00 Update deployed to 25% of network Latency spikes in Europe
11:15 Bug triggers routing table overflow US East services fail
11:45 80% of edge nodes down X, Discord, AWS, Spotify offline
13:30 Rollback complete Full recovery
Total downtime: 2 hours 45 minutes — longest since 2022.

Root Cause: A Memory Leak in BGP Code

Cloudflare was rolling out an optimization to BGP routing. A single unbounded loop caused routing tables to grow uncontrollably, crashing edge servers worldwide.

  • No DDoS, no hack — just a classic software bug
  • Affected 300+ data centers
  • Rollback took 45 minutes due to scale

Major Services Hit

Service Duration Down Users Affected
X (Twitter) 2h 30m 500M+
Discord 2h 45m 150M+
AWS (partial) 1h 40m 1M+ sites
Spotify 1h 50m 600M+

Cloudflare’s Response: Full Transparency

CEO Matthew Prince posted a detailed post-mortem within 4 hours, including the exact code line. Fixes rolled out globally by Nov 20.

Compensation: Free month for all affected enterprise customers.

Lessons for the Industry

Lesson Action Taken
Staged rollouts Now max 5% of network
Circuit breakers Auto-rollback on anomaly
Chaos testing Weekly failure simulations

Final Thought

One bug, two hours, half the internet down — but transparency turned disaster into trust.

Cloudflare didn’t just fix the bug — they set a new standard for outage communication. In an era of silent failures, honesty wins.

November 18, 2025: The day the internet blinked — and learned.

Data Sources & Methodology (as of Nov 22, 2025):

  • Cloudflare Official Postmortem (Nov 19)
  • Reuters, TechCrunch — timeline and impact
  • X @Cloudflare, @MatthewPrince — real-time updates
  • Downdetector — 10M+ user reports