Description

Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the generateSecureId and getSecureRandomInt functions in security-kit versions prior to 3.5.0 (packaged in Vision UI 1.4.0 and below) are vulnerable to Denial of Service (DoS) attacks. The generateSecureId(length) function directly used the length parameter to size a Uint8Array buffer, allowing attackers to exhaust server memory through repeated requests for large IDs since the previous 1024 limit was insufficient. The getSecureRandomInt(min, max) function calculated buffer size based on the range between min and max, where large ranges caused excessive memory allocation and CPU-intensive rejection-sampling loops that could hang the thread. This issue is fixed in version 1.5.0.

INFO

Published Date :

2025-08-05T23:37:28.995Z

Last Modified :

2025-08-06T20:30:54.459Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54884 vulnerability.

Vendors Products
Vision Ui Project
  • Vision Ui
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54884.

URL Resource
https://github.com/DavidOsipov/Vision-ui/commit/74802cd688b661a35e638fc96938d65ca7c05ff5 cve-icon cve-icon
https://github.com/DavidOsipov/Vision-ui/releases/tag/1.5.0 cve-icon cve-icon
https://github.com/DavidOsipov/Vision-ui/security/advisories/GHSA-gg28-wc2c-jjj3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability