CVSS vector viewer
Parse CVSS 3.1 and 4.0 vector strings, view base scores and severity, explore each metric, and export the scorecard as text or an image.
CVSS vector string
CVSS 4.0 scorecard
Base score, severity, and metric breakdown
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L
AV:A - Requires access to adjacent network (e.g., same subnet).
AC:L - No special circumstances required; straightforward.
AT:N - No special configuration or state required on the target.
PR:N - No access needed.
UI:N - Exploit possible without user help.
VC:L - Partial/limited breach.
VI:N - No impact on integrity.
VA:L - Partial/limited breach.
SC:L - Limited impact on assets beyond the original vulnerable component.
SI:N - No impact on integrity beyond the vulnerable component.
SA:L - Limited impact on assets beyond the original vulnerable component.
Understanding CVSS Metrics
Welcome to CVSS
The Common Vulnerability Scoring System (CVSS) is a NIST-supported framework for capturing how exploitable a vulnerability is and how bad the impacts can be, then rolling that into one base score so security and engineering teams can prioritize fixes consistently.
At a glance
Three ideas that show up everywhere in CVSS tooling.
Base score
0.0 – 10.0
A single number derived from the vector; higher usually means worse risk in the model.
Vector string
Metrics in one line
Attack path, privileges, user help, scope or follow-on impacts, encoded as compact METRIC:VALUE pairs.
Versions
3.1 and 4.0
This tool parses both. 4.0 adds finer metrics (e.g. attack requirements, subsequent impacts); 3.1 is still widely published on CVEs.
Quick tip: In CVSS, a higher base score means the vulnerability is modeled as more severe; triage and patch priority should reflect your own policy, but the score is the common yardstick.
Understanding Vector Strings
A CVSS vector string encodes every base metric used to compute the score (exploit conditions, privileges, user interaction, and confidentiality / integrity / availability impacts) in one parseable line.
Structure
After the version token, segments are slash-separated; each is METRIC:VALUE per the spec.
CVSS:VERSION/METRIC:VALUE/METRIC:VALUE/...
- Prefix: CVSS: marks this as a CVSS vector (not CVSS-BE or another profile).
- Version: 3.1 or 4.0 selects the metric set and scoring formula (yours: 4.0).
- Metric pairs: Examples: AV:N, PR:H, C:H… Each pair maps to one defined choice in the CVSS specification; the parser uses them to derive the base score.
Your current vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L
The following steps walk through each metric group (attack, scope or requirements, impacts) in the same order you'll see on the scorecard below.
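A strict parser for the vector structure described above, as an added example (not this tool's own code). The names `BASE_METRICS` and `parse_vector` are assumptions; it validates base metrics only, passes any other metric through unchecked, and neither enforces metric order nor computes a score.

```python
# Added example: strict structural check for CVSS 3.1 / 4.0 base vectors.
# Base metrics and their permitted single-letter values, per version.
BASE_METRICS = {
    "3.1": {"AV": "NALP", "AC": "LH", "PR": "NLH", "UI": "NR", "S": "UC",
            "C": "HLN", "I": "HLN", "A": "HLN"},
    "4.0": {"AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
            "VC": "HLN", "VI": "HLN", "VA": "HLN",
            "SC": "HLN", "SI": "HLN", "SA": "HLN"},
}

def parse_vector(vector):
    """Return (version, base, other); raise ValueError on malformed input."""
    prefix, _, rest = vector.strip().partition("/")
    tag, _, version = prefix.partition(":")
    if tag != "CVSS" or version not in BASE_METRICS:
        raise ValueError(f"unsupported prefix {prefix!r}")
    allowed = BASE_METRICS[version]
    base, other = {}, {}
    for segment in rest.split("/"):
        metric, sep, value = segment.partition(":")
        if not (sep and metric and value):
            raise ValueError(f"malformed segment {segment!r}")
        if metric in base or metric in other:
            raise ValueError(f"duplicate metric {metric}")
        if metric in allowed:
            # len check stops multi-letter values such as "HL" slipping through
            if len(value) != 1 or value not in allowed[metric]:
                raise ValueError(f"invalid value {value!r} for {metric}")
            base[metric] = value
        else:
            # Threat / environmental / supplemental metrics: kept, not validated.
            other[metric] = value
    missing = [m for m in allowed if m not in base]
    if missing:
        raise ValueError("missing base metrics: " + ", ".join(missing))
    return version, base, other

if __name__ == "__main__":
    samples = [
        # The vector shown on this page.
        "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L",
        # Constructed: 3.1 metric set under a 4.0 prefix, a common feed error.
        "CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    ]
    for s in samples:
        try:
            print(parse_vector(s))
        except ValueError as err:
            print("rejected:", err)
```

Rejecting a vector whose prefix and metric set disagree matters when ingesting scanner or advisory feeds, where a mislabeled version would otherwise be scored with the wrong formula.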
Attack Vector (AV)
Attack Vector describes how a vulnerability can be exploited: how reachable the vulnerable component is to an attacker.
Attack vector values
Can be exploited remotely over the internet; highest exposure in this metric.
Requires access to a shared limited network (e.g. same subnet), not the whole internet.
Attacker must have local access (e.g. shell, session) on the affected system.
Requires physical proximity or contact with the device (e.g. USB, console).
Attack Complexity (AC)
Attack Complexity captures whether special conditions must hold for exploitation to succeed.
Complexity values
No specialized conditions; exploit can be performed readily and reliably.
Specific circumstances, timing, or environment constraints must be met.
Privileges Required (PR)
Privileges Required is the level of account or rights needed before exploitation can succeed.
Privilege levels
No authentication or prior access, often the worst case for exploitability.
Limited access such as a standard user account may be enough.
Elevated privileges (e.g. admin/root) are required, which narrows who can exploit it.
User Interaction (UI)
User Interaction states whether a person must help the attack (open a file, click a link, etc.).
User interaction
Exploit can run without the victim performing a deliberate action.
A user must take an action (e.g. open a malicious document) for exploitation to occur.
Attack Requirements (AT)
Attack Requirements capture whether the target must be in a specific configuration or state for exploitation to work.
Attack requirements (CVSS 4.0)
No special configuration or prerequisite state on the vulnerable system.
Certain conditions in the environment must exist for the exploit to succeed.
Vulnerability Impacts (VC/VI/VA)
Vulnerability Impacts measure confidentiality, integrity, and availability for the vulnerable component itself (VC, VI, VA in CVSS 4.0).
Direct impacts on the vulnerable component
No impact on this property for the vulnerable component.
Partial or limited breach of this property.
Serious breach (e.g. full data exposure, total loss of control for that property).
Subsequent Impacts (SC/SI/SA)
Subsequent Impacts describe harm to assets beyond the originally vulnerable component, replacing the old Scope notion with explicit metrics.
Impacts beyond the vulnerable component
No downstream impact outside the vulnerable component.
Limited additional impact elsewhere in the environment.
Significant broader impact (e.g. lateral movement, wide compromise).
Understanding Scores
CVSS scores help organizations prioritize vulnerabilities. Here's how to interpret the base score range:
Base score bands
None (0.0)
No exploitability, no impact; safely ignored.
Low (0.1–3.9)
Little real-world risk. Patch on routine schedule.
Medium (4.0–6.9)
Moderate risk. Evaluate business impact, address within normal cycle.
High (7.0–8.9)
Significant risk. Prioritize for remediation, consider immediate mitigations.
Critical (9.0–10.0)
Highest risk. Must remediate urgently to prevent likely compromise.
How scores are used
CVSS 4.0 vectors and metrics help security teams better match real-world exploitability and organizational risk, with more detail and context than any previous version. Scores change in finer increments (minimum 0.1 per change), providing more granularity when comparing vulnerabilities.
Learn more
The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The vector string contains all the information needed to calculate the base score, which ranges from 0.0 to 10.0.
For official CVSS specifications and detailed scoring formulas, visit: first.org/cvss