CVSS 4.0 Calculator
CVSS (Common Vulnerability Scoring System) 4.0 is a standardized method for assessing the severity of software vulnerabilities. This calculator helps you determine the CVSS score based on the vulnerability's characteristics, enabling better risk management and prioritization.
What is CVSS 4.0?
CVSS 4.0 is the latest version of the Common Vulnerability Scoring System, developed by the Forum of Incident Response and Security Teams (FIRST). It provides a standardized way to assess the severity of software vulnerabilities by evaluating various characteristics of the vulnerability.
The CVSS score ranges from 0 to 10, where 0 indicates no impact and 10 indicates a critical vulnerability that could lead to complete system compromise. The score is calculated based on three metric groups:
- Base Metrics: Characteristics of the vulnerability that don't change over time
- Temporal Metrics: Characteristics that change over time
- Environmental Metrics: Characteristics specific to a user's environment
This calculator focuses on the Base Metrics, which are the most commonly used in vulnerability assessments.
How to Use This Calculator
To calculate a CVSS 4.0 score:
- Select the appropriate values for each of the Base Metric Groups (Exploitability, Impact, and Privileges Required)
- Click the "Calculate" button
- Review the calculated score and severity rating
- Use the chart to visualize the score distribution
The calculator provides a detailed breakdown of how the score is calculated and explains what each metric means.
CVSS Metrics Explained
Exploitability Metrics
- Attack Vector (AV): How the vulnerability is exploited (Network, Adjacent Network, Local, Physical)
- Attack Complexity (AC): How difficult it is to exploit the vulnerability (Low, High)
- Privileges Required (PR): The level of privileges needed to exploit the vulnerability (None, Low, High)
- User Interaction (UI): Whether user interaction is required (None, Required)
Impact Metrics
- Confidentiality Impact (C): Impact on confidentiality (None, Low, High)
- Integrity Impact (I): Impact on integrity (None, Low, High)
- Availability Impact (A): Impact on availability (None, Low, High)
Privileges Required (PR)
This metric indicates the level of privileges an attacker needs to have to exploit the vulnerability:
- None: The attacker does not need any privileges
- Low: The attacker needs basic user privileges
- High: The attacker needs administrative privileges
Severity Rating Scale
The CVSS score is rated on a scale from 0 to 10, with the following severity ratings:
| Score Range | Severity | Description |
|---|---|---|
| 0.0 | None | No impact |
| 0.1 - 3.9 | Low | Minimal impact, easily mitigated |
| 4.0 - 6.9 | Medium | Moderate impact, requires attention |
| 7.0 - 8.9 | High | Significant impact, should be addressed |
| 9.0 - 10.0 | Critical | Severe impact, requires immediate attention |
Note: The severity rating is based on the Base Score only. Temporal and Environmental scores may affect the final risk assessment.
Example Calculation
Let's calculate the CVSS score for a vulnerability with the following characteristics:
- Attack Vector: Network (AV:N)
- Attack Complexity: Low (AC:L)
- Privileges Required: None (PR:N)
- User Interaction: None (UI:N)
- Confidentiality Impact: High (C:H)
- Integrity Impact: High (I:H)
- Availability Impact: High (A:H)
Formula: BaseScore = round_to_1_decimal(min((3.95 * ISS * E), 10))
Where ISS = 1 - ((1 - C) * (1 - I) * (1 - A))
E = 8.22 * AV * AC * PR * UI
Calculating step-by-step:
- Calculate Impact Sub-Score (ISS):
  - C = 0.56 (High)
  - I = 0.56 (High)
  - A = 0.56 (High)
  - ISS = 1 - ((1 - 0.56) * (1 - 0.56) * (1 - 0.56)) = 0.915
- Calculate Exploitability Sub-Score (E):
  - AV = 0.85 (Network)
  - AC = 0.77 (Low)
  - PR = 0.85 (None)
  - UI = 0.85 (None)
  - E = 8.22 * 0.85 * 0.77 * 0.85 * 0.85 ≈ 4.39
- Calculate Base Score:
  - BaseScore = min((3.95 * 0.915 * 4.39), 10) ≈ 15.5
  - Rounded to 1 decimal place: 15.5
  - However, the maximum score is 10, so the final Base Score is 10.0
This example demonstrates a critical vulnerability with a maximum CVSS score of 10.0.
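The formula as printed in this section, applied to a full vector string with input validation and the severity bands from the table above. This is an added example, not the calculator's own code and not the FIRST reference implementation. The names `WEIGHTS`, `parse_vector`, `severity` and `score_vector` are hypothetical, and weights for values the page does not list are an assumption borrowed from the CVSS v3.1 weight table.

```python
from decimal import Decimal, ROUND_HALF_UP

# Weights shown in the worked example: AV:N, AC:L, PR:N, UI:N and C/I/A:H.
# Every other weight is an assumption borrowed from the CVSS v3.1 weight table.
WEIGHTS = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20},
    "AC": {"L": 0.77, "H": 0.44},
    "PR": {"N": 0.85, "L": 0.62, "H": 0.27},
    "UI": {"N": 0.85, "R": 0.62},
    "C": {"H": 0.56, "L": 0.22, "N": 0.0},
    "I": {"H": 0.56, "L": 0.22, "N": 0.0},
    "A": {"H": 0.56, "L": 0.22, "N": 0.0},
}

def parse_vector(vector):
    """Turn 'AV:N/AC:L/...' into {metric: weight}, rejecting malformed input."""
    weights = {}
    for part in vector.strip().split("/"):
        metric, sep, value = part.partition(":")
        if not sep or metric not in WEIGHTS or value not in WEIGHTS[metric]:
            raise ValueError(f"unrecognised metric: {part!r}")
        if metric in weights:
            raise ValueError(f"duplicate metric: {metric}")
        weights[metric] = WEIGHTS[metric][value]
    missing = set(WEIGHTS) - set(weights)
    if missing:
        raise ValueError(f"missing metrics: {sorted(missing)}")
    return weights

def severity(score):
    """Map a score to the rating bands in the Severity Rating Scale table."""
    if score == 0:
        return "None"
    for upper, name in ((3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if score <= upper:
            return name
    return "Critical"

def score_vector(vector):
    """Apply the page's formula: round_to_1_decimal(min(3.95 * ISS * E, 10))."""
    w = parse_vector(vector)
    iss = 1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"])
    e = 8.22 * w["AV"] * w["AC"] * w["PR"] * w["UI"]
    raw = min(3.95 * iss * e, 10)  # clamp to the 10.0 ceiling before rounding
    score = float(Decimal(str(raw)).quantize(Decimal("0.1"), ROUND_HALF_UP))
    return {"iss": iss, "e": e, "score": score, "severity": severity(score)}

if __name__ == "__main__":
    print(score_vector("AV:N/AC:L/PR:N/UI:N/C:H/I:H/A:H"))
```

Rejecting unknown, duplicate and missing metrics matters when vectors arrive from scanners or ticket fields, because a silently defaulted metric changes the rating used for prioritization.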