CVE-2025-41375 is a high-severity SQL injection vulnerability affecting TESI's Gandia Integra Total software versions from 2.1.2217.3 up to 4.4.2236.1. The vulnerability resides in the 'idestudio' parameter within the endpoint /encuestas/integraweb[_v4]/integra/html/view/consultaincimails.php. An authenticated attacker can exploit this flaw to perform unauthorized SQL commands, including retrieving, creating, updating, and deleting database records. This vulnerability is classified under CWE-89, indicating improper neutralization of special elements used in SQL commands. The CVSS 4.0 score is 8.7 (high), reflecting the network attack vector (no physical or local access needed), low attack complexity, no user interaction, but requiring privileges (authenticated user). The impact on confidentiality, integrity, and availability is high, as the attacker can manipulate database contents extensively. No known exploits in the wild have been reported yet, and no patches are currently linked, suggesting organizations should prioritize mitigation. The vulnerability affects a critical component of the Gandia Integra Total platform, which is used for survey and data management, potentially exposing sensitive organizational data if exploited.

For European organizations using TESI's Gandia Integra Total, this vulnerability poses significant risks. Exploitation could lead to unauthorized data disclosure, data tampering, or deletion, severely impacting business operations, regulatory compliance (e.g., GDPR), and trust. Since the vulnerability requires authentication but no user interaction, insider threats or compromised credentials could be leveraged by attackers to escalate damage. The ability to manipulate database contents could disrupt survey data integrity, reporting accuracy, and decision-making processes. Additionally, data breaches could result in legal penalties and reputational damage. Given the high CVSS score and the critical nature of the affected software, European entities relying on this product for data collection and management must consider this vulnerability a priority for remediation to maintain operational continuity and data security.

1. Immediate mitigation should include restricting access to the vulnerable endpoint to only trusted and necessary users, implementing strict authentication and authorization controls to minimize the risk of credential compromise. 2. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious SQL injection patterns targeting the 'idestudio' parameter. 3. Conduct thorough code reviews and input validation enhancements to ensure proper sanitization and parameterized queries or prepared statements are used for all database interactions involving user input. 4. Monitor logs for unusual database queries or access patterns indicative of exploitation attempts. 5. Since no official patches are currently available, consider isolating the affected application components or deploying compensating controls such as database activity monitoring and anomaly detection. 6. Educate users on secure credential management to reduce risk of account compromise. 7. Plan for prompt application updates once vendor patches are released and test them in controlled environments before deployment.