Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ..\..\..), by exploiting the “direstudio” parameter in “/encuestas/integraweb[_v4]/integra/html/view/comprimir.php”.
Advisories

No advisories yet.

Fixes

Solution

The vulnerability has been fixed by the TESI team in version 4.4.2446.2.


Workaround

No workaround given by the vendor.

History

Thu, 23 Oct 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Oct 2025 11:15:00 +0000

Type Values Removed Values Added
Description Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ..\..\..), by exploiting the “direstudio” parameter in “/encuestas/integraweb[_v4]/integra/html/view/comprimir.php”.
Title Path Traversal in Gandia Integra Total by TESI
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2025-10-23T14:40:49.039Z

Reserved: 2025-04-16T09:09:34.458Z

Link: CVE-2025-41073

cve-icon Vulnrichment

Updated: 2025-10-23T14:40:29.868Z

cve-icon NVD

Status : Received

Published: 2025-10-23T11:15:31.653

Modified: 2025-10-23T11:15:31.653

Link: CVE-2025-41073

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.