Database Access Vulnerability in Comarch ERP Optima by Comarch
CVE-2025-68421

8.7HIGH

Key Information:

Vendor: Comarch
Status: Erp Optima
Vendor: CVE Published:; 14 May 2026

What is CVE-2025-68421?

A vulnerability in Comarch ERP Optima allows attackers to exploit hard-coded database credentials that cannot be changed. This oversight permits remote attackers to access the database with elevated privileges, potentially allowing them to execute system commands on the server. Users should upgrade to version 2026.4 to mitigate this security risk.

Affected Version(s)

ERP Optima 0 < 2026.4

References

https://www.comarch.pl/erp/comarch-optima/

product

https://cert.pl/posts/2026/05/CVE-2025-68420/

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
Dec 17, 2025

Credit

Wojciech Giełda

CVE-2025-68421 Data

JSON