CVE-2021-25141

Severity: MEDIUM | CVSS 4.4/10 | EPSS 0.30%


CVE-2021-25141 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. A security vulnerability has been identified in certain HPE and Aruba L2/L3 switch firmware: a data processing error caused by improper handling of an unexpected data type in user-supplied input to the switch's management interface. EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

A security vulnerability has been identified in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user-supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot of the switch management interface and/or possibly the switch itself, leading to a local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.

Metrics

CVSS 3.1
4.4/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.30%

21.2nd percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor          Product                     Affected versions
Aruba Networks  Aruba 5406r Zl2 Firmware    < kb.16.10.0012
Aruba Networks  Aruba 5412r Zl2 Firmware    < kb.16.10.0012
Aruba Networks  Aruba 3810m Firmware        < kb.16.10.0012
Aruba Networks  Aruba 2930m Firmware        < wc.16.10.0012
Aruba Networks  Aruba 2930f Firmware        < wc.16.10.0012
Aruba Networks  Aruba 2920 Firmware         < wb.16.10.0011
Aruba Networks  Aruba 2540 Firmware         < yc.16.10.0012
Aruba Networks  Aruba 2530ya Firmware       < ya.16.10.0012
Aruba Networks  Aruba 3800 Firmware         < ka.16.04.0022
Aruba Networks  Aruba 2620 Firmware         < ra.16.04.0022
HPE             8200 Zl Firmware            < k.15.18.0024
HPE             6200 Yl Firmware            < k.15.18.0024
HPE             3500 Firmware               < k.16.02.0032
HPE             3500 Yl Firmware            < k.16.02.0032
Aruba Networks  Aruba 2530yb Firmware       < yb.16.10.0012

References


Frequently Asked Questions

What is CVE-2021-25141?
A security vulnerability has been identified in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user-supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot of the switch management interface and/or possibly the switch itself, leading to a local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.
How severe is CVE-2021-25141?
CVE-2021-25141 has a CVSS score of 4.4/10 (MEDIUM severity). The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.
How do I fix CVE-2021-25141?
Check the vendor references and advisories for patched versions and mitigation guidance. The Affected Software table above lists, for each platform, the firmware release below which the flaw is present; upgrading each affected switch to a release at or above that version for its platform removes the vulnerable code.


Source: NVD / NIST