CVE-2025-68421

Published: Mag 14, 2026 Last Modified: Mag 14, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: [email protected]

Attack Vector: adjacent

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server.
This issue has been fixed in version 2026.4

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0005

Percentile

0,1th

Updated

EPSS Score Trend (Last 7 Days)

798

Use of Hard-coded Credentials

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Integrity Confidentiality Availability Other

Potential Impacts:

Bypass Protection Mechanism Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Other

Applicable Platforms

Technologies: Mobile, ICS/OT

Likelihood of Exploit: High

View CWE Details

https://cert.pl/posts/2026/05/CVE-2025-68420/

https://www.comarch.pl/erp/comarch-optima/

CVE-2025-68421

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 7 Days)

Use of Hard-coded Credentials

Common Consequences

Applicable Platforms

Iscriviti alla newsletter