CVE-2025-68421: CWE-798 Use of Hard-coded Credentials in Comarch ERP Optima
The Comarch ERP Optima client uses a hard-coded password for a database user. These credentials cannot be changed. A remote attacker can gain access to the database with elevated privileges, including the ability to execute system commands on a server. This issue has been fixed in version 2026.4.
AI Analysis
Technical Summary
Comarch ERP Optima contains a CWE-798 vulnerability due to the use of hard-coded credentials for a database user. These credentials are immutable in affected versions, enabling remote attackers to gain elevated database access and execute system commands on the server. The vulnerability is rated with a CVSS 4.0 score of 8.7 (high severity), reflecting its ease of exploitation and impact. The vendor addressed this vulnerability in version 2026.4.
Potential Impact
An attacker can remotely exploit the hard-coded credentials to gain elevated privileges on the database and execute system commands on the server hosting Comarch ERP Optima. This can lead to unauthorized data access, system compromise, and potentially full control over the affected server.
Mitigation Recommendations
Upgrade Comarch ERP Optima to version 2026.4 or later, where this vulnerability has been fixed. Since no other remediation or temporary fix is indicated, applying the official update is the recommended action. Patch status is not explicitly confirmed beyond the version fix note, so verify with the vendor advisory for the latest remediation guidance.
CVSS v4.0
Score: 8.7 (high)
Technical Details
- Data Version: 5.2
- Assigner Short Name: CERT-PL
- Date Reserved: 2025-12-17T14:10:16.437Z
- Cvss Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a05a966ec166c07b0b50280
Added to database: 5/14/2026, 10:52:22 AM
Last enriched: 5/21/2026, 12:18:03 PM
Last updated: 6/5/2026, 7:17:19 PM