Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Thu, 07 Aug 2025 07:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Vision Ui Project; Vision Ui Project vision Ui | |
Vendors & Products | Vision Ui Project; Vision Ui Project vision Ui | |
Wed, 06 Aug 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Tue, 05 Aug 2025 23:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 (packaged in Vision-ui <= 1.4.0) contains a critical cryptographic weakness. Due to a silent 32-bit integer overflow in its internal masking logic, the function fails to produce a uniform distribution of random numbers when the requested range between min and max is larger than 2³². The root cause is the use of a 32-bit bitwise left-shift operation (<<) to generate a bitmask for the rejection sampling algorithm. This causes the mask to be incorrect for any range requiring 32 or more bits of entropy. This issue is fixed in version 1.5.0. | |
Title | Vision UI's security-kit Contains Cryptographic Weakness | |
Weaknesses | CWE-338 | |
References | | |
Metrics | cvssV4_0 | |
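
The masking flaw in the description, shown as an added JavaScript example (not security-kit's own code): a mask built with the 32-bit `<<` operator next to one built with BigInt, and a rejection sampler that uses the BigInt mask. The names `bitLength`, `shiftMask32`, `bigIntMask`, `randomIntInRange` and the `randomBytes` parameter are hypothetical.

```javascript
// Added illustration; all function names here are hypothetical, not security-kit's API.

// Number of bits needed to represent a non-negative BigInt.
function bitLength(n) {
  return n.toString(2).length;
}

// Flawed pattern: `<<` works on 32-bit integers and uses the shift count
// modulo 32, so the mask silently collapses once 32 or more bits are needed.
function shiftMask32(range) {
  return (1 << bitLength(BigInt(range))) - 1;
}

// Corrected pattern: BigInt shifts are arbitrary precision.
function bigIntMask(range) {
  return (1n << BigInt(bitLength(BigInt(range)))) - 1n;
}

// Rejection sampling over [min, max] with the BigInt mask; returns a BigInt.
// `randomBytes(n)` must return n CSPRNG bytes; the default uses Web Crypto.
function randomIntInRange(min, max,
    randomBytes = (n) => globalThis.crypto.getRandomValues(new Uint8Array(n))) {
  const lo = BigInt(min);
  const range = BigInt(max) - lo;
  if (range < 0n) throw new RangeError("min must be <= max");
  const mask = bigIntMask(range);
  const nBytes = Math.ceil(bitLength(range) / 8);
  for (;;) {
    let candidate = 0n;
    for (const b of randomBytes(nBytes)) candidate = (candidate << 8n) | BigInt(b);
    candidate &= mask;                             // trim to the needed bit width
    if (candidate <= range) return lo + candidate; // otherwise reject and redraw
  }
}
```

With a span of 2³², `shiftMask32` yields a mask of 1, so a sampler built on it could only ever produce two candidate values, while `bigIntMask` yields the full 33-bit mask.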

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-08-06T20:30:17.347Z
Reserved: 2025-07-31T17:23:33.476Z
Link: CVE-2025-54883

Updated: 2025-08-06T16:14:24.892Z

Status : Awaiting Analysis
Published: 2025-08-06T00:15:32.050
Modified: 2025-08-06T20:23:37.600
Link: CVE-2025-54883

No data.

Updated: 2025-08-06T15:12:39Z