How does Cytidel's risk rating work?

Cytidel assigns a risk rating to each vulnerability to help security teams quickly understand its potential impact and threat relevance.

Rather than relying on a single metric, Cytidel evaluates vulnerabilities using a combination of vulnerability scores, threat intelligence signals, and exploitation indicators. This allows us to highlight vulnerabilities that are actively discussed, weaponised, or exploited, not just those with high severity scores.

Each vulnerability is continuously analysed and assigned a risk rating, making it easier to prioritise remediation and investigation.

How Cytidel evaluates vulnerabilities

Cytidel evaluates both newly disclosed and existing vulnerabilities using multiple intelligence signals.

These signals include:

  • Vulnerability severity scores such as CVSS
  • Exploit likelihood metrics such as EPSS
  • Evidence of exploitation, including exploit code or real-world attacks
  • Threat intelligence signals, such as discussion in news, research publications, or threat actor activity
  • Cytidel intelligence signals, including analyst insights and intelligence feeds

These inputs are combined using Cytidel’s internal scoring model to produce an overall risk rating for each CVE.

Risk rating levels

Each vulnerability is assigned one of five risk levels based on the intelligence signals and threat activity detected.

Significant: Significant threat activity has been identified. These vulnerabilities are often widely discussed, have active exploits or multiple proof-of-concepts available, and may be actively exploited.

High: High levels of threat activity or exploitation signals have been identified. These vulnerabilities may have exploit code available or strong indicators of attacker interest.

Elevated: Moderate but notable threat signals are present. These vulnerabilities may show signs of increasing attention from researchers or attackers.

Moderate: Some risk indicators are present, but limited evidence of exploitation or threat activity exists.

Low: Minimal threat activity has been identified. These vulnerabilities typically have little discussion, no known exploits, and low exploit likelihood.
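The page does not publish the internal scoring model, so the following is an added illustration (not Cytidel's code, weights or thresholds): a small Python stand-in that combines the signal families listed above and maps the result onto the five levels. The weights, thresholds and the placeholder CVE entries are assumptions; what it shows is how a high-CVSS vulnerability with no exploitation evidence can rank below a lower-severity one that is actively exploited.

```python
from dataclasses import dataclass

@dataclass
class Signals:
    """Per-CVE inputs, mirroring the signal families listed on this page."""
    cve: str
    cvss: float          # severity score, 0-10
    epss: float          # exploit likelihood, 0-1
    exploit_code: bool   # public exploit or proof-of-concept exists
    exploited: bool      # evidence of real-world exploitation
    discussion: int      # news/research/threat-actor mentions (constructed count)
    analyst_flag: bool   # analyst insight raised the vulnerability

def risk_score(s: Signals) -> float:
    """Weighted combination; every weight here is an illustrative assumption."""
    score = 3.0 * (s.cvss / 10.0)            # severity: at most 3 points
    score += 3.0 * s.epss                    # likelihood: at most 3 points
    score += 1.5 if s.exploit_code else 0.0  # exploit availability
    score += 2.0 if s.exploited else 0.0     # confirmed exploitation weighs most
    score += 0.1 * min(s.discussion, 10)     # discussion, capped at 1 point
    score += 1.0 if s.analyst_flag else 0.0  # analyst signal
    return round(score, 2)

def risk_level(score: float) -> str:
    """Map the score onto the page's five levels (thresholds are assumptions)."""
    for threshold, level in ((7.5, "Significant"), (5.5, "High"),
                             (3.5, "Elevated"), (2.0, "Moderate")):
        if score >= threshold:
            return level
    return "Low"

def prioritise(vulns):
    """CVE ids ordered by combined risk score, highest first."""
    return [s.cve for s in sorted(vulns, key=risk_score, reverse=True)]

def by_severity_only(vulns):
    """Baseline ordering by CVSS alone, for comparison."""
    return [s.cve for s in sorted(vulns, key=lambda s: s.cvss, reverse=True)]

# Constructed sample input; the CVE ids are placeholders, not real identifiers.
SAMPLE = [
    Signals("CVE-EXAMPLE-A", 9.8, 0.02, False, False, 0, False),
    Signals("CVE-EXAMPLE-B", 7.2, 0.85, True, True, 14, True),
    Signals("CVE-EXAMPLE-C", 5.4, 0.30, True, False, 3, False),
    Signals("CVE-EXAMPLE-D", 4.0, 0.01, False, False, 0, False),
]

if __name__ == "__main__":
    for s in sorted(SAMPLE, key=risk_score, reverse=True):
        print(f"{s.cve}: {risk_score(s):.2f} -> {risk_level(risk_score(s))}")
```

Comparing `prioritise(SAMPLE)` with `by_severity_only(SAMPLE)` shows the reordering: the CVSS 9.8 entry with no threat signals drops to Moderate, while the actively exploited CVSS 7.2 entry rises to Significant.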

Why risk rating matters

Security teams often face thousands of vulnerabilities across their environment. Cytidel’s risk rating helps you focus on the vulnerabilities most likely to pose a real-world threat.

By combining multiple intelligence signals, the risk rating helps you:

  • prioritise vulnerabilities that show signs of exploitation
  • identify vulnerabilities gaining attention from researchers or attackers
  • focus remediation efforts on vulnerabilities with higher operational risk

This allows security teams to prioritise vulnerabilities based on real-world threat context, not just severity scores.