CVE-2025-41073: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in TESI Gandia Integra Total
Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ..\..\..), by exploiting the “direstudio” parameter in “/encuestas/integraweb[_v4]/integra/html/view/comprimir.php”.
AI Analysis
Technical Summary
CVE-2025-41073 is a path traversal vulnerability classified under CWE-22 affecting TESI Gandia Integra Total version 4.4.2236.1. The vulnerability arises from improper validation of the 'direstudio' parameter in the '/encuestas/integraweb[_v4]/integra/html/view/comprimir.php' endpoint. An authenticated attacker can manipulate this parameter to include directory traversal sequences (e.g., '..\..\..') to access files outside the intended directory scope. This allows the attacker to download a ZIP archive containing arbitrary files from the server's filesystem, potentially exposing sensitive data stored in parent directories. The vulnerability requires authentication but no additional user interaction or elevated privileges, and the attack vector is network accessible (AV:N). The CVSS 4.0 base score is 7.1, indicating high severity, with low attack complexity and no user interaction required. The vulnerability compromises confidentiality (VC:H) but does not affect integrity or availability. No known exploits have been reported in the wild yet. The vulnerability was reserved in April 2025 and published in October 2025, with no patch currently available, highlighting the need for immediate mitigation steps. The affected product is used in enterprise environments, often handling sensitive survey and data collection operations, increasing the risk of data leakage.
Potential Impact
For European organizations, the impact of CVE-2025-41073 can be significant due to the potential exposure of sensitive internal files and data. Since the vulnerability allows authenticated attackers to download arbitrary files, confidential business information, personal data protected under GDPR, or intellectual property could be compromised. This breach of confidentiality could lead to regulatory penalties, reputational damage, and operational disruptions. Organizations in sectors such as government, healthcare, finance, and critical infrastructure that use TESI Gandia Integra Total for data collection or processing are particularly at risk. The ease of exploitation and network accessibility mean that insider threats or compromised credentials could quickly lead to data exfiltration. Additionally, the lack of a current patch increases the window of exposure. The vulnerability does not directly affect system integrity or availability but can serve as a foothold for further attacks or lateral movement within networks.
Mitigation Recommendations
1. Immediately restrict access to the vulnerable endpoint '/encuestas/integraweb[_v4]/integra/html/view/comprimir.php' by implementing strict access controls and network segmentation to limit exposure only to trusted users.
2. Enforce strong authentication mechanisms and monitor authentication logs for suspicious activity, such as unusual file download requests or repeated access attempts to the 'direstudio' parameter.
3. Implement web application firewalls (WAFs) with custom rules to detect and block directory traversal patterns in HTTP requests targeting the vulnerable parameter.
4. Conduct thorough audits of server file permissions to ensure sensitive files outside the application directory are not accessible or readable by the web server process.
5. Regularly back up critical data and monitor for signs of data exfiltration.
6. Engage with TESI for updates and apply official patches or security updates as soon as they become available.
7. Consider deploying intrusion detection systems (IDS) tuned to detect exploitation attempts targeting this vulnerability.
8. Educate users about the importance of credential security to reduce the risk of compromised accounts being used to exploit this vulnerability.
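The log monitoring and traversal-pattern matching in recommendations 2 and 3 can be prototyped as below. This is an added example, not vendor or TESI code. It assumes Common Log Format access logs, that 'direstudio' arrives in the query string, and that "[_v4]" in the endpoint path is an optional suffix. The log lines, users and addresses are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint from the advisory; "[_v4]" is read as an optional suffix (assumption).
ENDPOINT = re.compile(r"^/encuestas/integraweb(_v4)?/integra/html/view/comprimir\.php$", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# ".." as a whole path segment, with either separator.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

# Constructed sample log lines (documentation address ranges, invented users).
SAMPLE_LOG = [
    '192.0.2.10 - ana [23/Oct/2025:10:01:02 +0000] "GET /encuestas/integraweb/integra/html/view/comprimir.php?direstudio=estudio01 HTTP/1.1" 200 5120',
    '198.51.100.7 - luis [23/Oct/2025:10:05:40 +0000] "GET /encuestas/integraweb_v4/integra/html/view/comprimir.php?direstudio=..%5C..%5C.. HTTP/1.1" 200 912345',
    '198.51.100.7 - luis [23/Oct/2025:10:06:11 +0000] "GET /encuestas/integraweb/integra/html/view/comprimir.php?direstudio=%252e%252e%255c%252e%252e HTTP/1.1" 200 88231',
    '192.0.2.10 - ana [23/Oct/2025:10:09:30 +0000] "GET /encuestas/integraweb/integra/html/view/otra.php?direstudio=..%5C.. HTTP/1.1" 404 0',
]


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_direstudio(log_line):
    """Return the decoded 'direstudio' value if it contains a '..' segment, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not ENDPOINT.match(unquote(url.path)):
        return None  # not the endpoint named in the advisory
    for raw in parse_qs(url.query, keep_blank_values=True).get("direstudio", []):
        value = fully_decode(raw)
        if TRAVERSAL.search(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    return [(i, v) for i, line in enumerate(lines, 1) if (v := suspicious_direstudio(line))]


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Requests that carry the parameter in a POST body do not appear in access logs, so the same normalise-then-match logic would have to run at the WAF or reverse proxy to cover them.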
Affected Countries
Spain, Germany, France, Italy, United Kingdom, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: INCIBE
- Date Reserved: 2025-04-16T09:09:34.458Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68fa0d4a551b7103c4840ac5
Added to database: 10/23/2025, 11:11:06 AM
Last enriched: 10/23/2025, 11:17:12 AM
Last updated: 10/23/2025, 6:30:19 PM