PT-2025-32008 · Vision Ui · Security-Kit

Davidosipov · Published 2025-08-05 · Updated 2025-08-06

CVE-2025-54883 · CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: Vision UI versions 1.4.0 and below; security-kit versions prior to 3.5.0.
Description: The getSecureRandomInt function has a cryptographic weakness caused by a silent 32-bit integer overflow in its internal masking logic. The function builds the bitmask for its rejection-sampling loop with a 32-bit bitwise left shift (<<). Because that shift is evaluated on 32-bit integers, a shift count of 32 or more wraps instead of widening, so the mask is wrong for every range that needs 32 or more bits of entropy (for example, a span between min and max of 2³² values or more). The sampled values for such ranges are therefore not uniformly distributed, which defeats the purpose of a secure random integer generator.
Recommendations: Update Vision UI to version 1.5.0 or later, and update security-kit to version 3.5.0 or later.


Weakness Enumeration

Related Identifiers

CVE-2025-54883
GHSA-C9XG-X7H3-MQ2Q

Affected Products

Vision Ui
Security-Kit