CVE-2025-41377: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in TESI Gandia Integra Total

High
Published: Fri May 23 2025 (05/23/2025, 12:37:48 UTC)
Source: CVE
Vendor/Project: TESI
Product: Gandia Integra Total

Description

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php.

AI-Powered Analysis

Last updated: 08/02/2025, 00:37:57 UTC

Technical Analysis

CVE-2025-41377 is a high-severity SQL injection vulnerability identified in TESI's Gandia Integra Total software versions from 2.1.2217.3 up to 4.4.2236.1. The flaw exists in the 'idestudio' parameter within the PHP script located at /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php. This parameter is improperly sanitized, allowing an authenticated attacker to inject malicious SQL commands. Exploitation enables the attacker to perform unauthorized actions on the backend database, including retrieving sensitive data, creating new records, updating existing entries, or deleting data. The vulnerability requires the attacker to have some level of authenticated access (low privileges) but does not require user interaction beyond that. The CVSS 4.0 score of 8.7 reflects the vulnerability's network exploitability (no physical or local access needed), low attack complexity, and the significant impact on confidentiality, integrity, and availability of the affected systems. The vulnerability does not currently have known exploits in the wild, but the absence of patches increases the risk of future exploitation. The CWE-89 classification confirms this is a classic SQL injection due to improper neutralization of special elements in SQL commands, a well-understood and critical web application security flaw.

Potential Impact

For European organizations using TESI's Gandia Integra Total, this vulnerability poses a substantial risk. The ability to manipulate database contents can lead to exposure of sensitive personal or business data, violating GDPR and other data protection regulations. Data integrity could be compromised, potentially affecting operational processes, reporting accuracy, and decision-making. Availability impacts may arise if attackers delete or corrupt critical data, disrupting services. Given the authenticated nature of the exploit, insider threats or compromised user credentials could be leveraged to exploit this vulnerability. Organizations in sectors such as education, government, or enterprises relying on Gandia Integra Total for survey or data management functions are particularly at risk. The lack of patches means organizations must rely on compensating controls to mitigate risk until official fixes are available.

Mitigation Recommendations

1. Immediate mitigation should include restricting access to the vulnerable endpoint to only trusted users and networks, employing network segmentation and strict access controls.
2. Implement Web Application Firewall (WAF) rules specifically designed to detect and block SQL injection attempts targeting the 'idestudio' parameter.
3. Enforce strong authentication mechanisms and monitor for unusual login patterns to reduce the risk of credential compromise.
4. If source code access and modification are possible, apply thorough input validation and use parameterized queries or prepared statements in the application code to prevent injection.
5. Regularly audit and monitor database logs for suspicious queries or unauthorized data manipulation.
6. Engage with TESI to obtain patches or updates as soon as they become available and plan for prompt deployment.
7. Consider temporarily disabling or limiting the functionality of the affected module, if feasible, until a patch is applied.
8. Educate users about phishing and credential security to reduce the risk of initial access by attackers.
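As a complement to the monitoring and WAF recommendations, the following added example (not code from TESI or from this advisory's source) triages web server access logs for requests to the affected script whose 'idestudio' value falls outside an allow-list. It assumes Combined Log Format, that the parameter travels in the query string, and that legitimate values are short decimal identifiers; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path as given in the advisory; "[_v4]" is read as an optional "_v4" suffix.
ENDPOINT = re.compile(
    r"/encuestas/integraweb(?:_v4)?/integra/html/view/consultacuotasred\.php",
    re.IGNORECASE,
)
# Assumption: legitimate 'idestudio' values are short decimal identifiers.
ALLOWED = re.compile(r"[0-9]{1,10}")
# Combined Log Format: host ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_requests(lines):
    """Return a finding for each request to the endpoint whose 'idestudio'
    value is outside the allow-list (parameters in a POST body are not
    logged and therefore not seen here)."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not ENDPOINT.fullmatch(unquote(url.path)):
            continue
        # parse_qs percent-decodes values; blank values are kept and reported.
        for key, values in parse_qs(url.query, keep_blank_values=True).items():
            if key.lower() != "idestudio":
                continue
            for value in values:
                if not ALLOWED.fullmatch(value):
                    findings.append({"host": m["host"], "time": m["time"],
                                     "status": int(m["status"]), "value": value})
    return findings

# Constructed sample lines (documentation addresses, invented timestamps).
BASE = "/encuestas/integraweb_v4/integra/html/view/"
SAMPLE_LOG = [
    '192.0.2.10 - - [23/May/2025:10:01:02 +0000] "GET /encuestas/integraweb'
    '/integra/html/view/consultacuotasred.php?idestudio=1042 HTTP/1.1" 200 5120',
    f'192.0.2.44 - - [23/May/2025:10:03:17 +0000] "GET {BASE}'
    'consultacuotasred.php?idestudio=1042%27 HTTP/1.1" 500 312',
    f'192.0.2.10 - - [23/May/2025:10:04:40 +0000] "POST {BASE}'
    'consultacuotasred.php HTTP/1.1" 200 4980',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

Because POST bodies do not appear in access logs, the same allow-list check belongs in the WAF or reverse proxy as well, where the request body is visible.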

Technical Details

Data Version: 5.1
Assigner Short Name: INCIBE
Date Reserved: 2025-04-16T09:57:07.297Z
Cisa Enriched: false
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 68306f8e0acd01a2492723a0

Added to database: 5/23/2025, 12:52:30 PM

Last enriched: 8/2/2025, 12:37:57 AM

Last updated: 8/18/2025, 1:22:22 AM
