CVE-2025-68420
CWE-266Published: May 14, 2026· Updated: May 14, 2026
Official Description
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to the database. In order to exploit this vulnerability, the client application has to be already configured, but a user does not have to be logged in.
This issue has been fixed in version 2026.4
Technical Analysis
CVE-2025-68420 requires local access, meaning attackers must already have a foothold on the target system.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (2)
Quick Facts
Related CVEs (CWE-266)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2025-68420 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts