CVE-2025-41374

8.8 HIGH

📋 TL;DR

An SQL injection vulnerability in Gandia Integra Total, by TESI, lets an authenticated attacker manipulate the 'idestudio' parameter of /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php to execute arbitrary SQL commands against the backend database, allowing data to be retrieved, created, updated and deleted. The 8.8 score reflects that only a low-privileged account is needed and no user interaction is required. Organizations running affected versions (2.1.2217.3 to 4.4.2236.1) are at risk.

💻 Affected Systems

Products:
  • Gandia Integra Total (TESI)
Versions: 2.1.2217.3 to 4.4.2236.1
Operating Systems: Not specified by the advisory; the affected component is a PHP web application, so the server platform is unlikely to matter
Default Config Vulnerable: ⚠️ Yes
Notes: A valid account is required, but no non-default setting is needed: any user who can log in to an affected version can reach the vulnerable parameter.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the backend database, including theft, destruction or encryption of its contents, potentially leading to takeover of the database server and of systems that trust it.

🟠 Likely Case

Unauthorized reading and modification of survey and account data by any authenticated user, escalation of privileges within the application by tampering with stored data, and use of the database server as a pivot for lateral movement.

🟢 If Mitigated

Limited impact where the vendor fix is applied or the affected endpoint is shielded by a WAF, the application's database account has least-privilege permissions, and the database server is reachable only from the application host.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No public proof of concept known
Weaponized: UNKNOWN
Unauthenticated Exploit: No (a valid account is required)
Complexity: LOW

SQL injection in a GET parameter is straightforward to exploit with standard tooling (for example sqlmap supplied with a valid session cookie) once the vulnerable parameter is known, as it is here; authentication is the only barrier, and the CVE description makes the attack surface public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in the advisory; confirm the fixed build with TESI

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gandia-integra-total-tesi

Restart Required: Not specified

Instructions:

Follow the INCIBE-CERT advisory for the vendor's fix and apply it as soon as it is available for your version. Parameterized queries and server-side validation of 'idestudio' have to come from the vendor, since deployers do not change the application code; until the fix is installed, reduce exposure with the workarounds below.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

Applies to: all affected versions

Put a WAF or reverse proxy with SQL injection rules in front of the application and make sure the rule set covers requests to hislistadoacciones.php. Match against the percent-decoded value of 'idestudio', not the raw query string, or encoded and mixed-case payloads will slip past the keyword signatures.

Input Validation

Applies to: all affected versions

Because the application code cannot be changed by the deployer, enforce the validation at the edge: allow only the values 'idestudio' legitimately takes (digits only if it is an integer identifier, which the advisory does not state) and reject requests that carry the parameter more than once, since duplicated parameters are a common way to smuggle a payload past a rule that inspects only the first occurrence.
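The following Python script is an added example, not code from TESI, from the INCIBE advisory or from any WAF product. It contrasts an allowlist on the shape of 'idestudio' with a keyword blocklist applied to the raw query string, the kind of rule a generic WAF signature implements, and shows that the blocklist misses percent-encoded, mixed-case and duplicated-parameter payloads that the allowlist rejects. The assumption that 'idestudio' is an integer identifier is mine; the advisory does not state the parameter's format, so adjust ALLOWED_IDESTUDIO to the values your deployment actually uses.

```python
"""Allowlist check for the 'idestudio' request parameter.

Added example; not code from Gandia Integra Total or the INCIBE advisory.
Assumption (mine): 'idestudio' is an integer study identifier. Change
ALLOWED_IDESTUDIO if your deployment uses another format.
"""
import re
from urllib.parse import parse_qs

# Expected shape of the parameter (assumed): 1 to 10 decimal digits.
ALLOWED_IDESTUDIO = re.compile(r"[0-9]{1,10}")

# Naive keyword blocklist of the kind a generic WAF signature uses, applied
# to the raw query string. Included only to show what it misses.
BLOCKLIST = re.compile(r"\b(?:select|union|or|and)\b", re.IGNORECASE)


def idestudio_allowed(query_string: str) -> bool:
    """True only if exactly one 'idestudio' value is present and it matches
    the expected shape after percent-decoding (parse_qs decodes for us)."""
    values = parse_qs(query_string, keep_blank_values=True).get("idestudio", [])
    if len(values) != 1:          # missing, or duplicated (parameter pollution)
        return False
    return ALLOWED_IDESTUDIO.fullmatch(values[0]) is not None


def blocklist_flags(query_string: str) -> bool:
    """True if the raw, undecoded query string contains a blocklisted keyword."""
    return BLOCKLIST.search(query_string) is not None


def evaluate(query_strings) -> list:
    """Pair each query string with (allowlist verdict, blocklist verdict)."""
    return [(idestudio_allowed(q), blocklist_flags(q)) for q in query_strings]


# Constructed inputs, not captured traffic.
SAMPLES = [
    "idestudio=1234",                              # benign request
    "idestudio=1234&idestudio=1%20OR%201%3D1",     # parameter pollution
    "idestudio=%27%20oR%20%271%27%3D%271",         # ' oR '1'='1, percent-encoded
    "idestudio=1%27%20UNION%20SELECT%20NULL--",    # UNION probe, percent-encoded
    "idestudio=1' OR '1'='1",                      # same payload, unencoded
]

if __name__ == "__main__":
    for q, (allowed, flagged) in zip(SAMPLES, evaluate(SAMPLES)):
        verdict = "pass" if allowed else "REJECT"
        sig = "hit" if flagged else "miss"
        print(f"{q!r:48} allowlist={verdict:6} blocklist={sig}")
```

Run as a script, the output shows the blocklist catching only the unencoded payload while the allowlist rejects all four hostile inputs and passes the benign one. The same logic maps directly onto a reverse-proxy or WAF rule: decode first, check the parameter count, then compare against the expected pattern rather than searching for attack keywords.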

🧯 If You Can't Patch

  • Restrict access to the application, and specifically to /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php, to trusted networks or VPN users, and review which accounts can log in: any authenticated user can reach the vulnerable parameter.
  • Run the application with a database account limited to the tables and statements it needs, with no CREATE/DROP DATABASE, no access to other schemas and no file or operating-system level privileges, so a successful injection cannot reach the "create and delete databases" impact the advisory describes.
  • Segment the database server so that only the application host can reach it, limiting lateral movement if the database is compromised.

🔍 How to Verify

Check if Vulnerable:

Only on a system you are authorized to test, preferably a non-production copy: log in with a valid account, request /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php with a known-good 'idestudio' value, then repeat with a boolean pair appended to that value (for example <value>' AND '1'='1 versus <value>' AND '1'='2). A vulnerable instance returns the normal page for the true condition and a different page or an SQL error for the false one. The classic ' OR '1'='1 payload is a cruder check, since a changed response can have causes other than injection.

Check Version:

Check the software version in the administration panel or configuration files and compare it with the affected range 2.1.2217.3 to 4.4.2236.1.

Verify Fix Applied:

After updating, repeat the same requests: both halves of the boolean pair should produce the same response as any other invalid 'idestudio' value, with no SQL error text, and the database log should show no query built from the injected string. A WAF block (for example an HTTP 403) confirms that the workaround is active but not that the application itself is fixed.

📡 Detection & Monitoring

Log Indicators:

  • Database logs: SQL syntax errors raised by the application's account, or statements from that account (UNION SELECT, DDL such as CREATE or DROP DATABASE) that the application never issues in normal operation
  • Web and application logs: requests to hislistadoacciones.php whose 'idestudio' value contains quotes, comment sequences (--, /*) or SQL keywords, attributed to the authenticated session that sent them; a burst of such requests from one session is typical of sqlmap
  • Failed logins followed by injection-like requests from the same client, suggesting a brute-forced or compromised account being used for the authenticated attack

Network Indicators:

  • HTTP requests carrying SQL keywords (SELECT, UNION, etc.) or quote characters in the 'idestudio' parameter, in plain or percent-encoded form (%27, %20UNION%20); TLS has to be terminated or inspected for these to be visible

SIEM Query:

source="web_logs" AND (url="*hislistadoacciones.php*" AND (param="*idestudio=*SELECT*" OR param="*idestudio=*UNION*"))

This query matches literal keywords only. Extend it with percent-encoded forms (for example "*idestudio=*%27*") or, better, URL-decode the query string before matching, and confirm that your SIEM's wildcard matching is case-insensitive so that "union" and "UnIoN" are caught as well as "UNION".
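As an added example, not from the page, the vendor or any SIEM product, this Python script applies the detection logic above to access-log lines in combined log format: it matches both path variants named in the advisory (integraweb and integraweb_v4), percent-decodes the 'idestudio' value repeatedly so that single- and double-encoded payloads are caught, and reports why each request was flagged. The log lines are constructed for illustration. The "non-numeric" reason assumes the parameter is an integer identifier, which the advisory does not confirm.

```python
"""Retrospective detection of CVE-2025-41374 probes in web access logs.

Added example; not code from Gandia Integra Total or the INCIBE advisory.
Assumption (mine, not from the advisory): 'idestudio' normally holds an
integer, so any non-digit value is worth a look.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Apache/nginx combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Both path variants given in the advisory: integraweb and integraweb_v4.
VULN_PATH_RE = re.compile(
    r"^/encuestas/integraweb(?:_v4)?/integra/html/view/hislistadoacciones\.php$"
)

SQL_METACHAR_RE = re.compile(r"""['"]|--|/\*|#""")
SQL_KEYWORD_RE = re.compile(
    r"\b(?:union|select|or|and|insert|update|delete|drop)\b", re.IGNORECASE
)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, so %2527 -> %27 -> '."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(value: str) -> list:
    """Reasons a decoded 'idestudio' value looks like an injection attempt."""
    reasons = []
    if not value.isdigit():
        reasons.append("non-numeric")          # assumption: integer identifier
    if SQL_METACHAR_RE.search(value):
        reasons.append("sql metacharacter")
    if SQL_KEYWORD_RE.search(value):
        reasons.append("sql keyword")
    return reasons


def scan_log(lines) -> list:
    """Return one hit per request to the vulnerable script whose 'idestudio'
    value carries injection indicators after decoding."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                            # not a combined-format line
        parts = urlsplit(m.group("target"))
        if not VULN_PATH_RE.match(parts.path):
            continue
        # parse_qs decodes once; fully_decode handles double encoding.
        for raw in parse_qs(parts.query, keep_blank_values=True).get("idestudio", []):
            value = fully_decode(raw)
            reasons = classify(value)
            if reasons:
                hits.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "status": m.group("status"),
                    "value": value,
                    "reasons": reasons,
                })
    return hits


# Constructed sample lines, not captured traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2025:10:15:01 +0200] "GET /encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=1234 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jun/2025:10:15:09 +0200] "GET /encuestas/integraweb/integra/html/view/hislistadoacciones.php?idestudio=1234%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jun/2025:10:15:12 +0200] "GET /encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=1234%27%20UNION%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jun/2025:10:15:20 +0200] "GET /encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=1234%2527%2520OR%25201%253D1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2025:10:16:00 +0200] "GET /encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=77 HTTP/1.1" 200 4980 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} status={hit["status"]} '
              f'idestudio={hit["value"]!r} reasons={", ".join(hit["reasons"])}')
```

Three of the five constructed lines are flagged: the boolean probe, the UNION probe (which also produced a 500, a useful corroborating signal) and the double-encoded payload that a literal keyword search would miss. The script only sees what the access log records; if the parameter is sent in a POST body, the payload is not in the request line and WAF or application logs are needed instead.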

🔗 References

  • INCIBE-CERT advisory, "Multiple vulnerabilities in Gandia Integra Total (TESI)": https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gandia-integra-total-tesi