NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2025-68421

Summary	Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in version 2026.4
Publication Date	May 14, 2026, 8:16 p.m.
Registration Date	May 15, 2026, 4:24 a.m.
Last Update	May 15, 2026, 1:07 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.pl/posts/2026/05/CVE-2025-68420/	cvd@cert.pl
2	https://www.comarch.pl/erp/comarch-optima/	cvd@cert.pl

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-798	ハードコードされた認証情報の使用	https://cwe.mitre.org/data/definitions/798.html