Cloudflare and Amazon Web Services, two companies that help run a significant portion of the internet, experienced major service disruptions in late 2025, affecting millions of users and raising questions about how much the web depends on just a few technology companies.
Cloudflare’s first outage occurred on November 18, 2025, when a database permissions change caused its Bot Management system file to grow twice its standard size. When this oversized file spread across Cloudflare’s global network, it triggered system failures, displaying error messages to users worldwide. The disruption affected multiple services, including the core Content Delivery Network, security tools, Workers KV, and the company’s customer dashboard. Cloudflare engineers initially thought they were experiencing a cyberattack, but after investigating, they discovered the real problem was the configuration file that had grown too large. The team fixed the issue by stopping the faulty file from spreading further and replacing it with an earlier working version, restoring regular service by 14:30 UTC.
Less than three weeks later, on December 5, 2025, another Cloudflare outage struck. This incident lasted approximately 26 minutes and affected roughly 28% of Cloudflare’s web traffic. The problem occurred when engineers made changes to the company’s Web Application Firewall to address a security flaw in React Server Components. Disabling an internal testing tool unexpectedly caused errors in Cloudflare’s proxy system, resulting in HTTP 500 errors being served to customers. Major websites went down, including LinkedIn, Zoom, Coinbase, and Anthropic’s Claude AI chatbot.
The outage had immediate financial consequences, as Cloudflare’s stock price dropped 4.5% in premarket trading. Downdetector recorded nearly 2,000 user reports at the incident’s peak, falling to around 120 reports by 6:10 AM Eastern Time as services were restored.
Amazon Web Services also experienced a significant outage in 2025. AWS suffered a disruption in its US EAST 1 region caused by a DNS race condition. The AWS outage raised particular concern because of the company’s role as what analysts describe as the backbone of the modern corporate internet, meaning disruptions there could trigger cascading failures across multiple economic sectors. In October 2025, Amazon’s cloud service experienced another outage that affected numerous online services.
An analysis from 247 Wall St. noted that the Cloudflare outage made approximately 20% of the internet inaccessible. The report expressed even greater concern about the AWS outage, given how much of the corporate internet relies on Amazon’s infrastructure. The piece highlighted that AWS’s central role means failures could have cascading effects across multiple sectors.
The repeated outages sparked broader discussions among technology experts about internet infrastructure. Growing concerns emerged about the centralization of key internet services among a small number of large companies. Some observers questioned whether major tech firms have become “too big to not fail,” given their dominance in providing essential internet infrastructure.
Experts interviewed by CNN attributed increasing outage frequency to several factors: society’s growing dependence on digital services, consolidation of critical cloud infrastructure among few providers, and the reality that companies like Cloudflare and AWS serve as backbone infrastructure for much of the modern web. While IT outages have been relatively common throughout internet history, the scale and impact of recent incidents have been more significant because major providers serve as the foundation for so many online services.
The year 2025 saw multiple significant cloud infrastructure disruptions beyond Cloudflare and AWS. Microsoft Azure experienced an outage related to a Front Door service failure, Google Cloud Platform suffered a disruption due to a null pointer problem, and SentinelOne experienced a global platform outage. These successive incidents highlighted fundamental vulnerabilities in cloud infrastructure and underscored the critical importance of designing systems that assume failure rather than expecting continuous uptime.
Cloudflare apologized for its disruptions and acknowledged that any downtime is unacceptable given its role as critical internet infrastructure. The company outlined plans to strengthen its systems, including improving how it handles configuration files, adding more emergency shutdown switches, and reviewing how its systems respond to errors.
Industry analysts recommended that companies implement strategies using multiple content delivery providers with automatic backup systems to maintain service if one provider fails. Experts also suggested businesses add monitoring tools to detect issues early and test alternative pathways to keep applications accessible during provider outages.
The incidents underscore concerns about the organization’s reliance on a limited set of vendors for security and web solutions, emphasizing the need for backup plans to address single points of failure in technology infrastructure. Technology industry observers said the frequency of recent major outages should prompt businesses to reassess dependence on individual providers and develop more resilient approaches that don’t rely heavily on any single company.