Exploit Prediction Scoring System (EPSS)
What Is the Exploit Prediction Scoring System (EPSS)?
The Exploit Prediction Scoring System (EPSS) is a probabilistic score, maintained by FIRST, that estimates the likelihood that a given CVE will be exploited in the wild within the next 30 days. It is used to prioritize vulnerabilities by predicted real-world exploitability rather than by severity alone.
CVSS measures how bad a vulnerability could be in theory. EPSS estimates how likely it is to be exploited in practice. Together with KEV status and reachability context, EPSS helps security teams cut through CVE volume and focus on what is actually likely to be used against them.
Related Terms
CVE · CVSS · Known Exploited Vulnerabilities · Vulnerability Management


