CVSS, the Common Vulnerability Scoring System, is an open framework for rating the severity of a security vulnerability on a scale from 0.0 to 10.0. The score is derived from factors like how a flaw is exploited and the impact on confidentiality, integrity, and availability. Higher scores indicate more severe vulnerabilities.
CVSS bands map to labels: 0.1 to 3.9 is low, 4.0 to 6.9 medium, 7.0 to 8.9 high, and 9.0 to 10.0 critical. Teams use these scores to decide what to patch first.
The base score reflects the flaw in isolation; it is not a complete picture of your risk. A "critical" CVE on a system with no network exposure may matter less than a "medium" on an internet-facing one, which is why context still drives prioritization.
traztech delivers vulnerability triage and prioritization for startups and growth-stage companies, led by a published CVE researcher.