CVSS - SparTech Software

A CVSS score, or Common Vulnerability Scoring System score, is a standardized numerical value (ranging from 0 to 10) used to assess and communicate the severity of security vulnerabilities in software and systems. The higher the score, the more severe the vulnerability, helping organizations prioritize which issues to address first.

How CVSS Scores Work

CVSS provides a consistent way to evaluate vulnerabilities across different platforms and vendors. It does this by considering several factors, grouped into metrics, to generate a score:

Base Metrics: Measure the inherent qualities of a vulnerability (e.g., how easy it is to exploit, what privileges are required, whether user interaction is needed, and the potential impact on confidentiality, integrity, and availability).
Temporal Metrics: Adjust the score based on factors that can change over time, such as the availability of patches or exploit code.
Environmental Metrics: Allow organizations to tailor the score to their specific environment, reflecting how the vulnerability could affect their unique systems and business context.

CVSS Score Ranges and Severity Levels

CVSS Score	Severity Level
0.0	None
0.1–3.9	Low
4.0–6.9	Medium
7.0–8.9	High
9.0–10.0	Critical

What Factors Influence the Score?

Key elements that affect a CVSS score include:

Attack Vector: How the vulnerability can be exploited (e.g., over a network vs. physical access).
Attack Complexity: How difficult it is to exploit the vulnerability.
Privileges Required: The level of access an attacker needs before exploiting the vulnerability.
User Interaction: Whether a user must participate for the exploit to succeed.
Scope: Whether the vulnerability can affect components beyond its initial target.
Impact on Confidentiality, Integrity, and Availability: The potential damage to data and systems if exploited.

Limitations

A CVSS score measures severity, not risk. It does not account for how likely a vulnerability is to be exploited in the wild or the specific context of an organization’s IT environment. Also, scores may not be updated quickly as new information emerges, and not all vulnerabilities are immediately scored

Synonyms:

Common Vulnerability Scoring System

Tenable releases patches for Tenable Nessus Agent fixing high-severity vulnerabilities that could allow users to escalate privileges and execute code.
Tenable recently released important security patches for the Nessus Agent, addressing several high-severity vulnerabilities that could allow local users to escalate privileges, overwrite or delete files, or execute arbitrary code with elevated privileges. The most recent fixes are included in Nessus Agent version 10.8.5, released in June 2025.
Critical vulnerability discovered in popular ASUS Armoury Crate software.
A critical vulnerability (CVE-2025-3464) was discovered in ASUS Armoury Crate, a popular system management tool for ASUS Windows PCs. This flaw allows attackers with local access to escalate privileges and gain full administrative (SYSTEM) control over the affected machine.
CISA issues critical warning about active exploits against discontinued TP-Link routers.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a high-severity vulnerability (CVE-2023-33538) that is being actively exploited in the wild against several discontinued TP-Link router models.
Critical vulnerabilty in popular AI developer IDE, Langflow, is being actively exploited to deploy Flodrix malware.
A critical vulnerability in Langflow (CVE-2025-3248) is being actively exploited to deploy the Flodrix botnet, marking a significant threat to AI development infrastructure based on the popular product.
Teleport says their secure access software is subject to critical authentication bypass flaw.
Teleport, an open-source platform for secure access to infrastructure, issued a warning on Friday about a critical-severity vulnerability that could allow remote attackers to bypass standard authentication controls.

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC

How CVSS Scores Work

CVSS Score Ranges and Severity Levels

What Factors Influence the Score?

Limitations

Related