CVE-2025-54883

Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 packaged in Vision-ui = 1.4.0 contains a critical cryptographic weakness. Due to a silent 32-bit...

CVE-2025-54884 Vision UI security-kit.js: Potential Uncontrolled Resource Allocation Vulnerability

Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the generateSecureId and getSecureRandomInt functions in security-kit versions prior to 3.5.0 packaged in Vision UI 1.4.0 and below are vulnerable to Denial of Service DoS...

CVE-2025-54883 Vision UI's security-kit Contains Cryptographic Weakness

Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 packaged in Vision-ui = 1.4.0 contains a critical cryptographic weakness. Due to a silent 32-bit...

CVE-2025-54883

Summary: CVE-2025-54883 affects Vision UI up to version 1.4.0, where the internal getSecureRandomInt in security-kit pre-3.5.0 uses a 32‑bit mask in rejection sampling that overflows, producing a non-uniform distribution of random numbers when the requested entropy exceeds 32 bits. The root cause...