ByteOS Network

ERP Optima

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-68420

Assigner-CERT.PL

View Details

Assigner-CERT.PL

CVSS Score-7.5||HIGH

EPSS-0.01% / 2.68%

7 Day CHG~0.00%

Published-14 May, 2026 | 10:35

Updated-14 May, 2026 | 16:07

Privilege Escalation in Comarch ERP Optima

Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to the database. In order to exploit this vulnerability, the client application has to be already configured, but a user does not have to be logged in. This issue has been fixed in version 2026.4

Vendor-Comarch

Product-ERP Optima

CWE ID-CWE-266

Incorrect Privilege Assignment

CVE-2025-68421

Assigner-CERT.PL

View Details

Assigner-CERT.PL

CVSS Score-8.7||HIGH

EPSS-0.05% / 14.24%

7 Day CHG~0.00%

Published-14 May, 2026 | 10:35

Updated-14 May, 2026 | 17:55

Hardcoded credentials in Comarch ERP Optima

Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in version 2026.4

Vendor-Comarch

Product-ERP Optima

CWE ID-CWE-798

Use of Hard-coded Credentials