CVE-2025-41374 is a high-severity SQL injection vulnerability affecting TESI's Gandia Integra Total software versions from 2.1.2217.3 up to 4.4.2236.1. The vulnerability resides in the 'idestudio' parameter within the web application endpoint /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php. An authenticated attacker with at least limited privileges can exploit this flaw to perform unauthorized SQL commands, including retrieving, creating, updating, and deleting database records. This vulnerability is classified under CWE-89, indicating improper neutralization of special elements used in SQL commands. The CVSS 4.0 base score is 8.7, reflecting a high severity due to network attack vector (no physical or local access required), low attack complexity, no user interaction, and the ability to impact confidentiality, integrity, and availability of the affected system's data. The vulnerability does not require user interaction but does require some level of authentication, which limits exploitation to insiders or compromised accounts. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability was reserved in April 2025 and published in August 2025, indicating recent discovery and disclosure. Given the nature of the vulnerability, attackers could leverage it to manipulate critical data, potentially leading to data breaches, data loss, or disruption of services dependent on the affected database.

For European organizations using TESI Gandia Integra Total, this vulnerability poses a significant risk to the confidentiality, integrity, and availability of sensitive data managed by the application. Since the vulnerability allows authenticated attackers to execute arbitrary SQL commands, attackers could exfiltrate sensitive personal or business data, modify records to disrupt operations, or delete critical information, leading to operational downtime. This could have severe consequences for organizations in regulated sectors such as healthcare, finance, or public administration, where data protection and service continuity are paramount. Additionally, exploitation could lead to non-compliance with GDPR requirements, resulting in legal and financial penalties. The requirement for authentication means that insider threats or compromised credentials are the primary risk vectors, emphasizing the need for strong access controls and monitoring. The absence of known exploits in the wild provides a window for proactive mitigation, but the high severity score underscores the urgency of addressing this vulnerability promptly.

To mitigate CVE-2025-41374 effectively, European organizations should: 1) Immediately audit and restrict access to the Gandia Integra Total application, ensuring that only necessary personnel have authenticated access, and enforce strong authentication mechanisms such as multi-factor authentication (MFA). 2) Implement rigorous input validation and parameterized queries or prepared statements in the affected application code to neutralize SQL injection vectors, if source code access and patching are possible. 3) Monitor application logs and database activity for unusual queries or access patterns indicative of exploitation attempts. 4) Segregate the database and application servers within the network to limit lateral movement in case of compromise. 5) Engage with TESI for official patches or updates and apply them as soon as they become available. 6) Conduct regular security assessments and penetration testing focused on web application vulnerabilities, including SQL injection. 7) Educate users and administrators on the risks of credential compromise and enforce strict password policies. These steps go beyond generic advice by emphasizing access control tightening, monitoring, network segmentation, and proactive engagement with the vendor.