QwikSec

Security Database

CVE

CWE

Training

CVE-2025-68421

Published: May 14, 2026

Modified: May 14, 2026

PUBLISHED

Description

Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in version 2026.4

Vendor	Product	Versions
Comarch	ERP Optima	affected `0 - < 2026.4`

Weaknesses (CWE)

References

https://www.comarch.pl/erp/comarch-optima/

product

https://cert.pl/posts/2026/05/CVE-2025-68420/

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.