CVSS

Common Vulnerability Scoring System: a 0.0 to 10.0 severity score for security vulnerabilities, currently at version 4.0.

CVSS (Common Vulnerability Scoring System) is the open standard for rating the severity of security vulnerabilities. A CVSS Base Score (0.0 to 10.0) combines exploitability metrics (attack vector, complexity, privileges, user interaction) with impact metrics (confidentiality, integrity, availability) and maps to qualitative ratings: None, Low, Medium, High, Critical. CVSS v4.0 (2023) added the Threat and Environmental metric groups and replaced v3.1's scope concept. Most CVE entries on NVD include a CVSS vector and score.

Reference

FIRST: CVSS v4.0 Specification

Related terms

CVE
Zero-Day

Referenced on

How to Report Network Security Incidents to a CERT Team: Templates for Vulnerability Exploitation and Intrusions

Back to the full glossary