PT-2026-40903 · Comarch · Erp Optima

Wojciech Giełda

·

Published

2026-05-14

·

Updated

2026-05-14

·

CVE-2025-68421

CVSS v4.0

8.7

High

VectorAV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Comarch ERP Optima versions prior to 2026.4
Description The client uses a hard-coded password for a database user that cannot be changed. This allows a remote attacker to gain access to the database with elevated privileges, which may include the ability to execute system commands on the server.
Recommendations Update to version 2026.4.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-68421

Affected Products

Erp Optima