CVE Prioritization Tool
Paste one or more CVE IDs and get an instant patch priority, from P0 (24h) through P4 (90-day cycle). The verdict combines CVSS severity, EPSS exploitation probability, and CISA KEV status.
Priority Decision Matrix
| Priority | Condition | SLA |
|---|---|---|
| P0 | CISA KEV listed (actively exploited) | 24 hours |
| P1 | EPSS > 50% AND CVSS 9.0+ | 48 hours |
| P2 | EPSS > 50% OR (CVSS 9.0+ with elevated EPSS) | 7 days |
| P3 | CVSS 7.0+ or EPSS > 10% | 30 days |
| P4 | CVSS 4.0+ with low EPSS | 90 days |
Data sources: CVSS scores come from NVD, EPSS scores from FIRST.org (probability of exploitation in the next 30 days), and KEV status from the CISA Known Exploited Vulnerabilities catalog.
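
The matrix above expressed as code, in an added example that is not the tool's own implementation. It assumes the rows are evaluated top-down with the first match winning, uses `ELEVATED_EPSS = 0.10` as a placeholder because the page does not define "elevated", and returns `None` for CVEs that match no row (for example, ones with no scores yet). The CVE IDs and scores are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional

# ASSUMPTION: the page does not define "elevated EPSS"; 0.10 is a placeholder.
ELEVATED_EPSS = 0.10
SLA_HOURS = {"P0": 24, "P1": 48, "P2": 7 * 24, "P3": 30 * 24, "P4": 90 * 24}

@dataclass
class Finding:
    cve_id: str
    cvss: Optional[float]  # NVD base score, None if not scored yet
    epss: Optional[float]  # FIRST.org probability as 0.0-1.0, None if absent
    in_kev: bool           # listed in the CISA KEV catalog

def prioritize(f: Finding) -> Optional[str]:
    """Walk the matrix top-down; the first matching row wins."""
    if f.in_kev:
        return "P0"
    # A missing score cannot satisfy any threshold. If no other row matches,
    # the result is None so the caller can route the CVE to manual triage.
    cvss = f.cvss if f.cvss is not None else -1.0
    epss = f.epss if f.epss is not None else -1.0
    critical, likely = cvss >= 9.0, epss > 0.50
    if likely and critical:
        return "P1"
    if likely or (critical and epss > ELEVATED_EPSS):
        return "P2"
    if cvss >= 7.0 or epss > 0.10:
        return "P3"
    if cvss >= 4.0:
        return "P4"
    return None

def patch_queue(findings):
    """Most urgent first; ties broken by higher EPSS; unmatched CVEs last."""
    def key(f):
        return (SLA_HOURS.get(prioritize(f), float("inf")), -(f.epss or 0.0))
    return [(f.cve_id, prioritize(f)) for f in sorted(findings, key=key)]

# Constructed sample data: placeholder IDs, not real CVEs or real scores.
SAMPLE = [
    Finding("CVE-0000-0001", 5.3, 0.02, False),
    Finding("CVE-0000-0002", 6.5, 0.01, True),
    Finding("CVE-0000-0003", 9.8, 0.72, False),
    Finding("CVE-0000-0004", 9.1, 0.03, False),
    Finding("CVE-0000-0005", 4.8, 0.61, False),
    Finding("CVE-0000-0006", None, None, False),
]
```

Calling `patch_queue(SAMPLE)` places the medium-severity CVE with a 61% EPSS (P2) ahead of the CVSS 9.1 CVE with a 3% EPSS (P3), and the KEV-listed CVSS 6.5 entry ahead of both.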