
Common Vulnerability Scoring System CVSS | Training Camp
Global Accelerated Learning • Est. 1999

What is the Common Vulnerability Scoring System (CVSS)?

A standard rating of the severity of software vulnerabilities, used to guide how urgent remediation should be.


Understanding the Common Vulnerability Scoring System (CVSS)

The Common Vulnerability Scoring System (CVSS) standardizes how to rate the severity of software flaws, enabling organizations to prioritize fixes consistently. A numerical score (0–10) captures how exploitable and damaging a vulnerability can be. It is derived from three metric groups: Base metrics (attack vector, complexity, privileges required, user interaction, scope, and confidentiality/integrity/availability impacts), Temporal metrics (exploit maturity, remediation level), and Environmental metrics (specific business impact). Version 3.1 refined earlier scoring rubrics to handle scope changes (e.g., container escapes).

CVSS has limitations: it does not factor in real-time threat intelligence unless you adjust the Temporal or Environmental metrics, and it ignores business context beyond broad categories. Despite these drawbacks, CVSS remains widely used in security bulletins and vulnerability management dashboards. Mature teams supplement raw CVSS with additional factors like exploit availability, asset criticality, or compensating controls to triage effectively.

Scores help unify communication across IT teams, compliance auditors, and leadership, but they should not be the sole basis for a decision. CVSS fosters a common language around severity and encourages consistent patch prioritization methods across multi-vendor environments.
