CVE-2025-68421

Sažetak

Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in version 2026.4

Reference

https://cert.pl/posts/2026/05/CVE-2025-68420/
https://www.comarch.pl/erp/comarch-optima/

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

14-05-2026 - 16:07

Objavljeno

14-05-2026 - 11:16