CVE-2025-68421

Description

Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in version 2026.4

References

• https://cert.pl/posts/2026/05/CVE-2025-68420/
• https://www.comarch.pl/erp/comarch-optima/