FortWatch

EPSS (Exploit Prediction Scoring System)

A model that estimates the probability that a vulnerability will be exploited in the wild within the next 30 days.

What is EPSS (Exploit Prediction Scoring System)?

EPSS provides a probability score (0 to 1) representing the likelihood that a vulnerability will be actively exploited. Unlike CVSS, which rates theoretical severity, EPSS uses real-world data (exploit code availability, social media mentions, threat intelligence feeds) to predict actual exploitation. A CVE with a high CVSS but low EPSS may be less urgent than one with moderate CVSS but high EPSS. Combining CVSS and EPSS helps prioritize remediation based on real risk rather than theoretical severity alone.
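One way to combine the two scores into a remediation queue, as an added example that is not FortWatch's code or part of the EPSS model. The cut-offs, bucket names and CVE identifiers are assumptions made for illustration, and a finding with no EPSS score yet is routed to manual review instead of being treated as probability 0.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed cut-offs for illustration; tune them to your own risk appetite.
EPSS_HIGH = 0.10   # 10% chance of exploitation in the next 30 days
CVSS_HIGH = 7.0    # CVSS v3 "High" severity starts at 7.0
ORDER = ["fix-now", "fix-next", "review", "scheduled", "backlog"]

@dataclass
class Finding:
    cve: str
    cvss: float            # severity, 0.0 to 10.0
    epss: Optional[float]  # probability, 0.0 to 1.0; None if not scored yet

def bucket(f: Finding) -> str:
    """Place a finding in a remediation bucket using both scores."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.cve}: CVSS out of range")
    if f.epss is None:
        # A missing EPSS score is not EPSS 0: fall back to severity alone.
        return "review" if f.cvss >= CVSS_HIGH else "backlog"
    if not 0.0 <= f.epss <= 1.0:
        raise ValueError(f"{f.cve}: EPSS out of range")
    likely, severe = f.epss >= EPSS_HIGH, f.cvss >= CVSS_HIGH
    if likely and severe:
        return "fix-now"
    if likely:
        return "fix-next"   # moderate severity, but exploitation is probable
    return "scheduled" if severe else "backlog"

def prioritize(findings):
    """Sort by bucket, then by EPSS, then by CVSS (highest first)."""
    return sorted(findings, key=lambda f: (
        ORDER.index(bucket(f)), -(f.epss or 0.0), -f.cvss))

# Constructed sample data; the identifiers are placeholders, not real CVEs.
SAMPLE = [
    Finding("CVE-EXAMPLE-A", cvss=9.8, epss=0.002),
    Finding("CVE-EXAMPLE-B", cvss=6.5, epss=0.62),
    Finding("CVE-EXAMPLE-C", cvss=8.1, epss=None),
    Finding("CVE-EXAMPLE-D", cvss=7.5, epss=0.35),
    Finding("CVE-EXAMPLE-E", cvss=4.3, epss=0.01),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{bucket(f):10} {f.cve}  cvss={f.cvss}  epss={f.epss}")
```

In the sample, CVE-EXAMPLE-B (CVSS 6.5, EPSS 0.62) is queued ahead of CVE-EXAMPLE-A (CVSS 9.8, EPSS 0.002), which is the ordering the paragraph above describes.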
