CVSS (Common Vulnerability Scoring System)

CVSS produces a numeric severity score, from 0.0 to 10.0, based on characteristics such as how a vulnerability is exploited, the complexity of attack, and the impact on confidentiality, integrity, and availability.

The score helps organizations prioritize remediation, with bands typically labelled low, medium, high, and critical. It complements the CVE identifier, which names the vulnerability rather than rating it.