CWE-153: Improper Neutralization of Substitution Characters
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as substitution characters when they are sent to a downstream component.
Last updated
Overview
CWE-153 (Improper Neutralization of Substitution Characters) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
5 recorded CVEs are caused by CWE-153 (Improper Neutralization of Substitution Characters). The highest-severity and most recent are shown first. 1 new CWE-153 CVE has been recorded so far in 2026 (4 in 2025).
- CVE-2025-53006
Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
High · CVSS 8.9 · EPSS 42th2025-07-02 - CVE-2025-53005
Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability
High · CVSS 8.9 · EPSS 41th2025-07-01 - CVE-2025-53004
Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability