Security Operations Tools
CVSS Prioritization Calculator
Enter CVSS score, EPSS probability, and context factors to compute remediation priority, SLA tier, and risk score.
No data is transmitted — everything runs locallyTool
Example — CVSS 7.8 · EPSS 0.045 · internet-facing · no KEV
CVSS base score
7.8
High
EPSS probability
4.5%
exploitation in 30 days
Priority tier
P1 — Patch within 7d
Risk score
10.6
CVSS × EPSS × context factors
About this tool
CVSS Prioritization Calculator
The CVSS Prioritization Calculator combines CVSS base score, EPSS probability, exposure, and CISA KEV status into a remediation priority score and SLA tier.
• Prioritize a backlog of vulnerabilities by combined CVSS and EPSS score
• Determine SLA tier for a Critical CVE on an internet-facing system
• Calculate priority for a CVE that's in the CISA Known Exploited Vulnerabilities list
• Justify expedited patching for a high-EPSS medium-CVSS vulnerability
Affiliate disclosure
Uptime, incident, and on-call management. Better Stack provides status pages, incident management, and on-call scheduling for engineering teams.
View remediation credentials with 1Password
External site · Independent provider · We may receive a commission · Not a recommendation
FAQ
What does this tool tell you?
The CVSS Prioritization Calculator combines CVSS base score, EPSS probability, exposure, and CISA KEV status into a remediation priority score and SLA tier.
What affects the result most?
CVSS v3.1 base score: AV (network), AC (low), PR (none), UI (none), S (changed), C/I/A (high) = 10.0. Critical ≥9.0, High 7.0-8.9, Medium 4.0-6.9, Low 0.1-3.9. EPSS score: Exploit Prediction Scoring System — probability of exploitation in the wild in next 30 days.
How should I use the result?
The calculation is deterministic — the same inputs always produce the same output — so the most useful workflow is to vary one input at a time and see which factor moves the result most. That tells you where to focus your attention before committing to a decision.
Related tools