CVE-2025-41073

MEDIUM

TESI Gandia Integra Total 4.4.2236.1 - Authenticated Path Traversal via direstudio Parameter

Title source: llm

Description

Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ..\..\..), by exploiting the “direstudio” parameter in “/encuestas/integraweb[_v4]/integra/html/view/comprimir.php”.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-gandia-integra-total-tesi

Scores

CVSS v3 6.5

EPSS 0.0031

EPSS Percentile 22.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

tesigandia/gandia_integra_total 4.4.2236.1

Published Oct 23, 2025

Tracked Since Feb 18, 2026