What is CVSS (Common Vulnerability Scoring System)? - apviso [APVISO](/)Product

Resources

Developers

Company

[Pricing](/#pricing)[Partners](/partners)[Enterprise](/enterprise)

[Login](/login)[Get started](/register)

[Login](/login)[Start pentest](/register)

[Home](/)[Glossary](/glossary)CVSS (Common Vulnerability Scoring System)[Back to Glossary](/glossary)CVSS (Common Vulnerability Scoring System)
==========================================

A standardized framework for rating the severity of security vulnerabilities on a 0-10 scale, used to prioritize remediation efforts.

security conceptvulnerability managementscoring

The Common Vulnerability Scoring System (CVSS) is an open framework for assessing and communicating the severity of software vulnerabilities. It produces a numerical score from 0 to 10, where 10 is the most severe, along with a severity rating: None (0), Low (0.1-3.9), Medium (4.0-6.9), High (7.0-8.9), and Critical (9.0-10.0).

CVSS v3.1 (and the newer v4.0) calculates scores based on three metric groups: Base metrics (attack vector, complexity, privileges required, user interaction, scope, impact on confidentiality/integrity/availability), Temporal metrics (exploit code maturity, remediation level, report confidence), and Environmental metrics (organization-specific modifiers).

CVSS scores are essential for vulnerability prioritization. Most organizations use them to set SLAs for remediation — critical vulnerabilities might require a 24-hour fix, while low-severity issues may have a 90-day window.

How APVISO tests for this: APVISO assigns CVSS-aligned severity ratings to all discovered findings, considering attack vector, complexity, and impact. This helps security teams prioritize remediation based on industry-standard severity assessments.

Related Terms
-------------

[CVE (Common Vulnerabilities and Exposures)](/glossary/cve)[OWASP Top 10](/glossary/owasp-top-10)

Test your applications for cvss (common vulnerability scoring system) vulnerabilities
-------------------------------------------------------------------------------------

APVISO's AI agents automatically test for this and many more vulnerability categories.

[Contact sales](/contact)

[APVISO](/)Autonomous AI-powered penetration testing for modern web applications.

Subscribe

[](https://github.com/apviso)[](https://x.com/Apviso_com)[](https://www.linkedin.com/company/apviso/)

[![Featured on Good AI Tools](https://goodaitools.com/assets/images/badge.png)](https://goodaitools.com/ai/apviso)

Product

- [Features](/#features)
- [Sentinel](/sentinel)
- [Pricing](/pricing)
- [Integrations](/integrations)
- [Benchmarks](/#compare)
- [Affiliate Program](/affiliate)
- [Partners](/partners)
- [Enterprise](/enterprise)

Resources

- [Blog](/blog)
- [Use Cases](/use-cases)
- [Glossary](/glossary)
- [Comparisons](/comparisons)
- [Alternatives](/alternatives)
- [Compliance](/compliance)
- [Vulnerabilities](/vulnerabilities)
- [Industries](/industries)
- [OWASP APTS](/trust/apts)

Developers

- [Knowledge Base](/docs)
- [API Reference](/docs/api)
- [MCP Server](/docs/mcp)

Company

- [About](/about)
- [Contact](/contact)
- [Status](https://status.apviso.com)
- [Privacy Policy](/legal/privacy)
- [Terms of Service](/legal/terms)

© 2026 APVISO. All rights reserved.
