Eight years after the release of the previous major version of the Common Vulnerability Scoring System, CVSS v3.0, the Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0.
The new CVSS v4.0 score calculator is available from FIRST.
The CVSS is a standardized framework for evaluating the severity of software security vulnerabilities. It is used to assign numerical scores or qualitative representations (such as low, medium, high, and critical) based on exploitability, required privileges, and impact on confidentiality, integrity, and availability. Higher scores indicate more severe vulnerabilities.
It helps prioritize responses to security threats as it provides a consistent way to evaluate vulnerabilities’ impact and compare risks across different systems and software.
“A key enhancement to CVSS v4.0 is also the additional applicability to OT/ICS/IoT, with Safety metrics and values added to both the Supplemental and Environmental metric groups,” FIRST stated.
This latest version also includes a new nomenclature, with severity ratings for Base (CVSS-B), Base + Threat (CVSS-BT), Base + Environmental (CVSS-BE), and Base + Threat + Environmental (CVSS-BTE).