CVE-2025-68420 – Privilege Escalation in Comarch ERP Optima

CVE ID :CVE-2025-68420

Published : May 14, 2026, 10:35 a.m. | 23 minutes ago

Description :Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it’s memory, extract credentials and use them to gain a privileged access to the database. In order to exploit this vulnerability, the client application has to be already configured, but a user does not have to be logged in. 
This issue has been fixed in version 2026.4

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-45205 – Apache Commons Configuration: StackOverflowError for YAML input with cycles

CVE-2025-68421 – Hardcoded credentials in Comarch ERP Optima

CVE-2026-8468 – Unbounded buffer accumulation in multipart header parsing causes denial of service in plug

CVE-2026-8295 – Integer overflow in simdjson