Tools

CVSS v3.1 Calculator

Build a base vector, calculate the score, and validate severity before you prioritize the issue.

Score output

Choose the metrics to generate the base vector and score.

See why one metric changes the story

Disputed CVSS guidance

Example vector

Network issue with no privileges required

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Try changing User Interaction from None to Required in the calculator above. The score changes because exploitation now depends on a user action.

Prioritization context

CVSS is not the whole decision

CVSSTechnical severity of the vulnerability characteristics.
EPSSProbability-style exploitation signal, not local impact proof.
CISA KEVKnown exploited catalog signal that often raises urgency.