Look up the Exploit Prediction Scoring System (EPSS) score for any CVE. Prioritize vulnerabilities by the likelihood of real-world exploitation — powered by FIRST.org.
The Exploit Prediction Scoring System (EPSS) is a data-driven, daily-updated score (0–100%) that estimates the probability a CVE vulnerability will be exploited in the wild within the next 30 days. It is maintained by FIRST.org and helps security teams prioritize patching based on real-world threat intelligence rather than just theoretical severity. Use this free EPSS score checker to instantly assess any CVE and make faster, smarter remediation decisions.
The EPSS score (0–100%) tells you the chance a CVE will be exploited in the wild within the next 30 days. A score of 85% means an 85% chance of attack — patch it fast. This score is updated daily by FIRST.org using real threat data, exploit code availability, and attack intelligence.
The percentile rank shows how this CVE compares to every other scored vulnerability. If a CVE is at the 95th percentile, it is riskier than 95% of all known CVEs. It answers: "Is this CVE more likely to be exploited than most others?" Use it to spot the needle-in-a-haystack threats in your backlog.
> 90%
Immediate action required. Exploitation is highly likely. Patch within 24-48 hours.
> 70%
Prioritize remediation. Significant exploit risk. Patch within 1 week.
> 30%
Plan remediation. Moderate exploit probability. Address in regular cycle.
≤ 30%
Low priority. Monitor for changes. Address during next maintenance window.
CVSS measures how bad a vulnerability could be. EPSS measures how likely it will be attacked. A CVE with CVSS 10 but EPSS 2% is dangerous but not being targeted right now. A CVE with CVSS 7 and EPSS 95% is both dangerous and actively attacked — patch that first. Always combine both scores for a smarter patching strategy.
Quick Tip: When looking at results, check EPSS Probability first — it tells you the real attack risk. Then use Percentile to see how it ranks against all other CVEs. Red and Orange = act now. Yellow = plan. Green = monitor.