CVE-2025-41376 is a high-severity SQL injection vulnerability affecting TESI's Gandia Integra Total software versions from 2.1.2217.3 up to 4.4.2236.1. The flaw resides in the 'idestudio' parameter within the endpoint /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php. An authenticated attacker with at least low privileges can exploit this vulnerability without requiring user interaction. By injecting malicious SQL commands through the vulnerable parameter, the attacker can perform unauthorized actions on the backend database, including retrieving sensitive data, creating, updating, or deleting database records. The vulnerability is classified under CWE-89, indicating improper neutralization of special elements used in SQL commands. The CVSS 4.0 base score is 8.7, reflecting a high impact on confidentiality, integrity, and availability, with network attack vector, low attack complexity, no user interaction, and privileges required but no authentication bypass. No known exploits are currently reported in the wild, and no patches are listed yet. The vulnerability was reserved in April 2025 and published in August 2025, with INCIBE as the assigner. Given the direct database manipulation capability, this vulnerability poses a significant risk to the confidentiality and integrity of data managed by Gandia Integra Total, potentially leading to data breaches, data loss, or service disruption.

For European organizations using TESI's Gandia Integra Total, this vulnerability could lead to severe consequences. The ability to manipulate database contents can result in unauthorized disclosure of sensitive information, including personal data protected under GDPR, leading to regulatory penalties and reputational damage. Data integrity could be compromised, affecting business operations reliant on accurate data. Availability may also be impacted if attackers delete or corrupt critical data, causing service outages or operational disruptions. Since the vulnerability requires authentication but no user interaction, insider threats or compromised credentials could be leveraged to exploit this flaw. Organizations in sectors such as education, public administration, or any domain where Gandia Integra Total is deployed for survey or data management could be particularly vulnerable. The absence of known exploits in the wild provides a window for proactive mitigation, but the high severity score underscores the urgency of addressing this issue to prevent potential targeted attacks.

To mitigate this vulnerability, European organizations should first verify their use of TESI Gandia Integra Total and identify affected versions. Immediate steps include restricting access to the vulnerable endpoint to trusted users only and enforcing strong authentication and authorization controls to minimize the risk of credential compromise. Input validation and parameterized queries should be implemented or verified in the application code to neutralize SQL injection vectors. Since no official patches are currently available, organizations should engage with TESI for timelines on security updates and consider applying temporary compensating controls such as Web Application Firewalls (WAFs) configured to detect and block SQL injection attempts targeting the 'idestudio' parameter. Regular monitoring of logs for suspicious database queries and anomalous activities is recommended. Additionally, conducting security audits and penetration testing focused on this vulnerability can help identify exploitation attempts. Backup and recovery procedures should be reviewed and tested to ensure rapid restoration in case of data corruption or loss.