Use of Hard-coded Credentials

CVE-2025-68421

High

8.7/10

Summary

Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in version 2026.4

Attack Complexity: LOW
Attack Vector: ADJACENT
User Interaction: NONE
Privileges Required: NONE

CWE-798 - Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

Advisory Timeline

Published May 14, 2026

Use of Hard-coded Credentials

CVE-2025-68421

Summary

CWE-798 - Use of Hard-coded Credentials

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS