
CVE-2025-41372: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in TESI Gandia Integra Total

Severity: High
Tags: Vulnerability, CVE-2025-41372, CWE-89
Published: Fri Aug 01 2025 (08/01/2025, 12:29:13 UTC)
Source: CVE Database V5
Vendor/Project: TESI
Product: Gandia Integra Total

Description

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/informe_campo_entrevistas.php.

AI-Powered Analysis

Last updated: 08/01/2025, 13:03:28 UTC

Technical Analysis

CVE-2025-41372 is a high-severity SQL injection vulnerability affecting TESI's Gandia Integra Total software versions from 2.1.2217.3 up to 4.4.2236.1. The vulnerability resides in the 'idestudio' parameter within the PHP script located at /encuestas/integraweb[_v4]/integra/html/view/informe_campo_entrevistas.php. An authenticated attacker with at least low privileges can exploit this flaw to perform unauthorized SQL commands, enabling them to retrieve, create, update, or delete database records. This vulnerability is classified under CWE-89, indicating improper neutralization of special elements used in SQL commands, commonly known as SQL injection. The CVSS v4.0 score is 8.7 (high), reflecting the vulnerability's network attack vector, low attack complexity, no user interaction, and the requirement for privileges but no additional authentication barriers. The impact on confidentiality, integrity, and availability is high, as the attacker can manipulate the database content extensively. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved in April 2025 and published in August 2025 by INCIBE, a Spanish cybersecurity entity, suggesting regional awareness and possibly early detection in Spain or related markets.

Potential Impact

For European organizations using TESI Gandia Integra Total, this vulnerability poses significant risks. The ability to manipulate database contents can lead to data breaches involving sensitive or personal data, violating GDPR and other data protection regulations. Data integrity can be compromised, affecting business operations, reporting accuracy, and decision-making processes. Availability may also be impacted if attackers delete or corrupt critical data, potentially disrupting services or workflows dependent on the application. Given the authenticated nature of the exploit, insider threats or compromised user accounts could be leveraged to escalate damage. Organizations in sectors such as public administration, education, or research—where TESI products might be deployed—are particularly vulnerable. The lack of known exploits provides a window for proactive mitigation, but the high severity demands urgent attention to prevent potential exploitation.

Mitigation Recommendations

1. Immediate mitigation should include restricting access to the affected PHP script and the 'idestudio' parameter to only trusted and necessary users, implementing strict access controls and monitoring for anomalous database queries.
2. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the 'idestudio' parameter.
3. Where source code access and patching are possible, implement thorough input validation and use parameterized queries or prepared statements in the application code so that special SQL characters are never interpreted as part of the statement.
4. Monitor database logs for unusual activities such as unexpected SELECT, INSERT, UPDATE, or DELETE commands originating from the application user context.
5. Enforce multi-factor authentication and strong credential policies to reduce the risk of account compromise that could facilitate exploitation.
6. Engage with TESI for official patches or updates and plan for timely deployment once available.
7. Perform security audits and penetration testing focused on SQL injection vectors in the affected application modules.
8. Educate users with access about the risks and signs of compromise to enable early detection.
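To make recommendation 3 concrete, the following PHP snippet is an added illustration, not TESI's code and not the actual contents of informe_campo_entrevistas.php. It contrasts a hypothetical handler that concatenates the 'idestudio' parameter into SQL (the CWE-89 pattern) with a hardened version that validates the parameter as an integer and binds it through a PDO prepared statement. The table and column names (estudios, idestudio, nombre) and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
// Added example (not TESI's code). Table/column names are hypothetical.

// Vulnerable pattern (CWE-89): the raw request parameter becomes part of the
// SQL text, so SQL metacharacters in it change the statement's meaning.
function buildReportQueryVulnerable(string $idestudio): string
{
    return "SELECT idestudio, nombre FROM estudios WHERE idestudio = " . $idestudio;
}

// Hardened pattern: enforce the expected type first, then pass the value as a
// bound parameter so the database engine never parses it as SQL.
function fetchStudyReport(PDO $pdo, $idestudioRaw): ?array
{
    // 'idestudio' is assumed to be a positive integer identifier.
    $idestudio = filter_var(
        $idestudioRaw,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($idestudio === false) {
        // Reject malformed input before any query is built or executed.
        http_response_code(400);
        return null;
    }

    $stmt = $pdo->prepare(
        'SELECT idestudio, nombre FROM estudios WHERE idestudio = :idestudio'
    );
    $stmt->bindValue(':idestudio', $idestudio, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration using an in-memory SQLite database (assumption for the example).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE estudios (idestudio INTEGER PRIMARY KEY, nombre TEXT)');
$pdo->exec("INSERT INTO estudios VALUES (1, 'Encuesta de satisfaccion')");

// Constructed inputs: a legitimate identifier and a tampered value.
$benign   = '1';
$tampered = '1 OR 1=1';

// The vulnerable builder silently widens the WHERE clause to every row.
echo "Vulnerable query: ", buildReportQueryVulnerable($tampered), PHP_EOL;

// The hardened handler refuses the tampered value (returns null, HTTP 400)
// and serves only the requested row for the benign one.
var_dump(fetchStudyReport($pdo, $tampered));
var_dump(fetchStudyReport($pdo, $benign));
```

The same two changes (type validation plus bound parameters) apply equally to any INSERT, UPDATE or DELETE the script issues, which is what removes the retrieve/create/update/delete impact described above; a WAF rule on 'idestudio' is a useful stopgap but is not a substitute for this code-level fix.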


Technical Details

Data Version: 5.1
Assigner Short Name: INCIBE
Date Reserved: 2025-04-16T09:57:06.080Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 688cb771ad5a09ad00c8e37a

Added to database: 8/1/2025, 12:47:45 PM

Last enriched: 8/1/2025, 1:03:28 PM

Last updated: 8/2/2025, 12:34:24 AM
