PT-2026-40903 · Comarch · Erp Optima
Wojciech Giełda
·
Published
2026-05-14
·
Updated
2026-05-14
·
CVE-2025-68421
CVSS v4.0
8.7
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Comarch ERP Optima versions prior to 2026.4
Description
The client uses a hard-coded password for a database user that cannot be changed. This allows a remote attacker to gain access to the database with elevated privileges, which may include the ability to execute system commands on the server.
Recommendations
Update to version 2026.4.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Erp Optima