
CVE-2025-41373: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in TESI Gandia Integra Total

Severity: High
Tags: Vulnerability, CVE-2025-41373, CWE-89
Published: Fri Aug 01 2025 (08/01/2025, 12:29:25 UTC)
Source: CVE Database V5
Vendor/Project: TESI
Product: Gandia Integra Total

Description

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.

AI-Powered Analysis

Last updated: 08/01/2025, 13:03:16 UTC

Technical Analysis

CVE-2025-41373 is a high-severity SQL injection vulnerability in TESI's Gandia Integra Total, affecting versions 2.1.2217.3 through 4.4.2236.1. The flaw is in the 'idestudio' parameter of the endpoint /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php, where the parameter value reaches an SQL statement without proper neutralization of special characters (CWE-89). An authenticated attacker with low privileges can inject SQL through this parameter and, per the advisory, retrieve, create, update and delete database content. The CVSS v4.0 base score is 8.7 (High): the attack is reachable over the network, is of low complexity, needs no user interaction and no attack requirements beyond a valid login, and requires only low privileges, while the impact on confidentiality, integrity and availability is high because the attacker controls the SQL executed against the application's database. No exploitation in the wild has been reported and no vendor patch is linked at the time of writing. The CVE was reserved in April 2025 and published in August 2025 by INCIBE, Spain's National Cybersecurity Institute, which is the assigning CNA for this record. Organizations running affected versions should treat the flaw as a significant risk to the integrity and confidentiality of the data the application manages, and note that any valid application account is sufficient to exploit it.

Potential Impact

For European organizations using TESI Gandia Integra Total, this vulnerability poses a serious risk to data security and operational continuity. Exploitation could lead to unauthorized disclosure, tampering with, or deletion of the survey and related data the product manages, with consequences for business processes, regulatory obligations such as GDPR, and the trustworthiness of the information held. Because the flaw requires authentication but only low privileges, an insider or anyone holding a compromised user credential can exploit it. Control over the database can be used to disrupt the service, corrupt records, and read data that may help an attacker move further within the network. Organizations in education, public administration, or any other sector where Gandia Integra Total is deployed for survey or data management could face significant operational disruption and reputational damage. With no patch currently linked, the window of exposure remains open, which makes compensating controls an immediate priority.

Mitigation Recommendations

1. Restrict access to the vulnerable endpoint (and with it the 'idestudio' parameter) to the users who genuinely need it, and log and review every request to it.
2. Deploy a Web Application Firewall with rules that target SQL injection patterns in the 'idestudio' parameter of hislistadoacciones.php; decode URL-encoding before matching so that encoded payloads are not missed.
3. On the application side, validate 'idestudio' against the type the application expects (reject anything that is not a well-formed identifier) and pass the value to the database through a prepared statement with bound parameters rather than string concatenation; escaping special characters alone is a weaker control.
4. Enforce the principle of least privilege on user accounts, and on the database account the application uses, to limit what a compromised credential can do.
5. Monitor database and web-server logs for SQL syntax errors, unexpected query shapes, or unusually slow queries triggered by requests to this endpoint, as these are typical signs of injection attempts.
6. Engage TESI for an official patch or update and plan prompt deployment once it is available.
7. Where feasible, disable the vulnerable functionality as a temporary compensating control.
8. Run security awareness training to reduce the risk of credential compromise, since a valid account is all an attacker needs.
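As an added example, not part of this advisory and not code from TESI: the detection logic of items 2 and 5 above, run over a few constructed access-log lines. It makes three assumptions the advisory does not state: that 'idestudio' arrives in a GET query string, that "[_v4]" in the published path means an optional "_v4" directory suffix, and that a legitimate study identifier is a decimal integer. The IP addresses and user names in the sample log are invented.

```python
"""Flag suspicious 'idestudio' values sent to hislistadoacciones.php in
web-server access logs (Apache/nginx combined format).

Added example for CVE-2025-41373; not code from TESI or from the advisory.
Assumptions (not stated by the advisory): the parameter travels in a GET
query string, '[_v4]' means an optional '_v4' directory suffix, and a
legitimate idestudio value is a decimal integer.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# The affected endpoint, with the optional "_v4" directory suffix.
TARGET_PATH = re.compile(
    r"/encuestas/integraweb(?:_v4)?/integra/html/view/hislistadoacciones\.php"
)

# Allow-list: what a legitimate study identifier is assumed to look like.
EXPECTED_VALUE = re.compile(r"\d{1,10}")

# Block-list of common SQL-injection markers, used only to label the verdict;
# anything that fails the allow-list is reported regardless.
SQL_MARKERS = re.compile(
    r"(?i)'|\"|--|/\*|;|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\("
    r"|\b(?:or|and)\b\s+\S+\s*=\s*\S+"
)

# Combined log format: client ident user [time] "METHOD target PROTOCOL" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log: documentation-range addresses, invented users.
SAMPLE_LOG = """\
203.0.113.5 - ana [01/Aug/2025:13:01:02 +0000] "GET /encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=1042 HTTP/1.1" 200 5123
198.51.100.7 - bob [01/Aug/2025:13:01:09 +0000] "GET /encuestas/integraweb/integra/html/view/hislistadoacciones.php?idestudio=1042'%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 512
198.51.100.7 - bob [01/Aug/2025:13:01:15 +0000] "GET /encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=1042%2520UNION%2520SELECT%25201,2,3 HTTP/1.1" 500 230
203.0.113.9 - eva [01/Aug/2025:13:02:00 +0000] "GET /encuestas/integraweb_v4/integra/html/view/otra.php?id=7' HTTP/1.1" 200 900
203.0.113.5 - ana [01/Aug/2025:13:02:31 +0000] "GET /encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=abc HTTP/1.1" 200 410
"""


def parse_line(line: str):
    """Return the named fields of one access-log line, or None if it does not parse."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def idestudio_values(target: str) -> list[str]:
    """Extract every idestudio value from a request target.

    parse_qs decodes the query once; a second unquote_plus exposes
    double-URL-encoded payloads (%2527 -> %27 -> ') so they cannot hide
    from the marker check.
    """
    query = urlsplit(target).query
    values = parse_qs(query, keep_blank_values=True).get("idestudio", [])
    return [unquote_plus(v) for v in values]


def classify(value: str) -> str:
    """'ok' if the value matches the allow-list, 'sqli' if it carries SQL
    markers, otherwise 'malformed' (rejected by the allow-list, no known marker)."""
    if EXPECTED_VALUE.fullmatch(value):
        return "ok"
    if SQL_MARKERS.search(value):
        return "sqli"
    return "malformed"


def scan(log_text: str) -> list[dict]:
    """Return one event per request to the affected endpoint whose idestudio
    value is not a clean identifier; requests to other paths are ignored."""
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if not TARGET_PATH.fullmatch(urlsplit(rec["target"]).path):
            continue
        for value in idestudio_values(rec["target"]):
            verdict = classify(value)
            if verdict != "ok":
                events.append({"ip": rec["ip"], "user": rec["user"],
                               "time": rec["time"], "status": rec["status"],
                               "value": value, "verdict": verdict})
    return events


if __name__ == "__main__":
    for e in scan(SAMPLE_LOG):
        print(f'{e["time"]} {e["ip"]} user={e["user"]} {e["verdict"]:<9} '
              f'idestudio={e["value"]!r}')
```

Run directly, the script prints the three flagged requests from the sample: two injection attempts from the same account, one of them double-encoded, and one value that is simply not an identifier. The allow-list check is the part that matters; the marker list only explains why a value was rejected, so a payload that evades every marker still surfaces as malformed. POST bodies do not appear in access logs, so if the application accepts 'idestudio' by POST the same check belongs in the WAF or in the application itself. The log review is evidence gathering only; the actual fix is a parameterized query in the endpoint.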


Technical Details

Data Version: 5.1
Assigner Short Name: INCIBE
Date Reserved: 2025-04-16T09:57:06.080Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 688cb771ad5a09ad00c8e37d

Added to database: 8/1/2025, 12:47:45 PM

Last enriched: 8/1/2025, 1:03:16 PM

Last updated: 8/2/2025, 12:53:47 AM
