Home > Vulnerability Database > CVE-2025-54883

Mend.io Vulnerability Database

CVE-2025-54883

Good to know:

Date: August 5, 2025

Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 (packaged in Vision-ui <= 1.4.0) contains a critical cryptographic weakness. Due to a silent 32-bit integer overflow in its internal masking logic, the function fails to produce a uniform distribution of random numbers when the requested range between min and max is larger than 2³². The root cause is the use of a 32-bit bitwise left-shift operation (<<) to generate a bitmask for the rejection sampling algorithm. This causes the mask to be incorrect for any range requiring 32 or more bits of entropy. This issue is fixed in version 1.5.0.

Severity Score

10.0

Related Resources (4)

Url: https://github.com/DavidOsipov/Vision-ui/security/advisories/GHSA-c9xg-x7h3-mq2q

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54883

Url: https://github.com/DavidOsipov/Vision-ui/commit/347355859f05e98047efbd96fc0e61b9191324f1

Url: https://www.mend.io/vulnerability-database/CVE-2025-54883

Severity Score

10.0

Weakness Type (CWE)

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-338

Top Fix

Upgrade Version

Upgrade to version https://github.com/DavidOsipov/Vision-ui.git - 1.5.0

Learn More

CVSS v3.1

Base Score:	10.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54883

Good to know:

Date: August 5, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?