Skip to content
πŸ› οΈToolsShed

CVE CVSS Calculator

Calculate CVSS v3.1 Base Score for vulnerability severity assessment.

9.8
Critical
CVSS v3.1 Base Score
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
None
0.0
Low
0.1–3.9
Medium
4.0–6.9
High
7.0–8.9
Critical
9.0–10.0

About this tool

The Common Vulnerability Scoring System (CVSS) is an open standard for rating the severity of software vulnerabilities on a 0 to 10 scale. Because most teams face far more disclosed flaws than they can fix at once, a consistent score is essential for prioritizing remediation and deciding what to patch first.

To use this calculator, select the CVSS v3.1 base metrics for the vulnerability you are assessing: attack vector, attack complexity, privileges required, user interaction, scope, and the impact on confidentiality, integrity, and availability. The tool instantly returns a numeric Base Score and its qualitative severity rating of None, Low, Medium, High, or Critical. It is a daily working aid for security analysts, penetration testers, and triage teams.

Keep in mind that the Base Score reflects the intrinsic, constant properties of a vulnerability, while Temporal and Environmental metrics adjust for exploit maturity and your specific deployment. The score informs your decisions but does not replace context-aware risk judgment about your own assets and exposure.

Frequently Asked Questions

Code Implementation

import math

# CVSS v3.1 Base Score Calculator
WEIGHTS = {
    'AV': {'N': 0.85, 'A': 0.62, 'L': 0.55, 'P': 0.20},
    'AC': {'L': 0.77, 'H': 0.44},
    'PR_U': {'N': 0.85, 'L': 0.62, 'H': 0.27},  # Unchanged scope
    'PR_C': {'N': 0.85, 'L': 0.68, 'H': 0.50},  # Changed scope
    'UI': {'N': 0.85, 'R': 0.62},
    'CIA': {'N': 0.00, 'L': 0.22, 'H': 0.56},
}

def roundup(x: float) -> float:
    """CVSS-specific roundup to 1 decimal place."""
    return math.ceil(x * 10) / 10

def calculate_cvss_base(av, ac, pr, ui, scope, c_impact, i_impact, a_impact) -> tuple[float, str]:
    """Calculate CVSS v3.1 Base Score."""
    scope_changed = scope == 'C'
    pr_w = WEIGHTS['PR_C'][pr] if scope_changed else WEIGHTS['PR_U'][pr]

    iss = 1 - (1 - WEIGHTS['CIA'][c_impact]) * (1 - WEIGHTS['CIA'][i_impact]) * (1 - WEIGHTS['CIA'][a_impact])

    if scope_changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss

    exploitability = 8.22 * WEIGHTS['AV'][av] * WEIGHTS['AC'][ac] * pr_w * WEIGHTS['UI'][ui]

    if impact <= 0:
        score = 0.0
    elif scope_changed:
        score = roundup(min(1.08 * (impact + exploitability), 10))
    else:
        score = roundup(min(impact + exploitability, 10))

    # Severity
    severity = 'None' if score == 0 else 'Low' if score < 4 else 'Medium' if score < 7 else 'High' if score < 9 else 'Critical'
    return score, severity

# Example: Critical vulnerability (Log4Shell-like)
score, severity = calculate_cvss_base(
    av='N', ac='L', pr='N', ui='N',  # Network, Low complexity, No privileges, No user interaction
    scope='C',                          # Scope Changed
    c_impact='H', i_impact='H', a_impact='H'  # High CIA impact
)
print(f"Log4Shell-like score: {score} ({severity})")

# Example: Local privilege escalation
score, severity = calculate_cvss_base('L', 'L', 'L', 'N', 'U', 'H', 'H', 'N')
print(f"Local privesc: {score} ({severity})")

Comments & Feedback

Comments are powered by Giscus. Sign in with GitHub to leave a comment.