Vulnerability Description
The Comarch ERP Optima client uses a hard-coded password for a database user. These credentials cannot be changed. A remote attacker can gain access to the database with elevated privileges, including the ability to execute system commands on the server. This issue has been fixed in version 2026.4.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-68421?
CVE-2025-68421 is a documented vulnerability. The Comarch ERP Optima client uses a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain access to the database with eleva...
How severe is CVE-2025-68421?
CVSS scoring is not yet available for CVE-2025-68421. Check NVD for updates.
Is there a patch for CVE-2025-68421?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.