CVE-2025-41073
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-10-30
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tesigandia | gandia_integra_total | 4.4.2236.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-41073 is a path traversal vulnerability in TESI Gandia Integra Total version 4.4.2236.1. It allows an authenticated attacker to exploit the βdirestudioβ parameter in a specific PHP file to download a ZIP file containing arbitrary files from the server, including files located in parent directories by using directory traversal sequences like ..\..\.. This means the attacker can access files outside the intended directory. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with valid authentication to download sensitive or unauthorized files from the server, potentially exposing confidential data. Although it does not impact integrity or availability, the unauthorized disclosure of files can lead to information leakage and compromise of sensitive information stored on the server. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to exploit the 'direstudio' parameter in the URL path '/encuestas/integraweb[_v4]/integra/html/view/comprimir.php' with directory traversal sequences such as '..\..\..' to see if arbitrary files can be downloaded in a ZIP file. For example, using curl or wget commands to send authenticated requests to this endpoint with crafted 'direstudio' parameter values may help detect the vulnerability. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade TESI Gandia Integra Total to version 4.4.2446.2 or later, where this vulnerability has been fixed. Until the upgrade can be applied, restrict access to the vulnerable endpoint and ensure that only trusted authenticated users can access the system to reduce the risk of exploitation. [1]