Path Traversal in Gandia Integra Total by TESI

Posted date 08/10/2025
Identifier
INCIBE-2025-0549
Importance
4 - High
Affected Resources

Gandia Integra Total, versions prior to 4.4.2246.2.

Description

INCIBE has coordinated the publication of a high-severity vulnerability affecting Gandia Integra Total by TESI, a software product for survey management and market analysis. The vulnerability was discovered by David Utón Amaya (m3n0sd0n4ld).

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:

  • CVE-2025-41073: CVSS v4.0: 7.1 | CVSS AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-22
Solution

The vulnerability has been fixed by the TESI team in version 4.4.2446.2.

Detail
  • CVE-2025-41073: Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ..\..\..), by exploiting the “direstudio” parameter in “/encuestas/integraweb[_v4]/integra/html/view/comprimir.php”.
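For triage on installations that have not yet been updated, the following added example (not part of the advisory and not TESI code) scans web server access log entries for requests to the endpoint named above whose “direstudio” value contains a parent-directory segment, including percent-encoded and double-encoded forms. It assumes a combined-format access log, that the parameter is sent in the query string, and that “[_v4]” denotes an optional path suffix; the log entries are constructed samples.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit
# Endpoint and parameter come from the advisory; "[_v4]" is read as an optional suffix.
ENDPOINT = re.compile(r"/encuestas/integraweb(_v4)?/integra/html/view/comprimir\.php$", re.I)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# A ".." path segment bounded by a slash, a backslash or the ends of the value.
DOTDOT = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

def fully_decode(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding (e.g. %252e%252e)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_direstudio(log_line):
    """Return the decoded direstudio value if it has a parent-directory segment, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not ENDPOINT.search(unquote(url.path)):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(value)
        if name.lower() == "direstudio" and DOTDOT.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged entry."""
    checked = ((n, suspicious_direstudio(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in checked if value is not None]

# Constructed sample entries (documentation IP range, invented user and sizes).
PREFIX = '203.0.113.7 - user1 [08/Oct/2025:10:00:00 +0000] "GET '
VIEW = "/encuestas/integraweb_v4/integra/html/view/comprimir.php"
SAMPLE_LOG = [
    PREFIX + VIEW + '?direstudio=estudio_01 HTTP/1.1" 200 5120',
    PREFIX + VIEW + '?direstudio=..%5C..%5C.. HTTP/1.1" 200 912044',
    PREFIX + VIEW + '?direstudio=%252e%252e%252f%252e%252e HTTP/1.1" 200 88110',
    PREFIX + '/index.php?direstudio=../x HTTP/1.1" 404 0',
]
if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Parameters sent in a POST body do not appear in a standard access log, so this check only covers query-string requests; body inspection needs a WAF or application-level logging.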
CVE
Exploitation
No