CVSS Triage — Northforge Security Toolkit

CVSS v4 Triage Workspace

Parse CVSS v4 vectors, add analyst context, and generate stakeholder-ready outputs without pretending to compute official CVSS scores.

CVSS describes inherent technical severity. It does not know your asset value, internet exposure, exploit activity, or operational consequences.

Use CVSS to understand the vulnerability, not to replace analyst judgment.
Use exposure, exploit status, and business impact to set priority.
Treat the score as source-provided input unless your scorer is standards-verified.

Paste a CVSS v4 vector or build one with the metric controls below.

CVSS Vector

This phase supports factual parsing for CVSS v4 base metrics and the documented exploit maturity metric.

Source Score Affected Asset

Analyst Description

Use the selectors to build a valid base vector without relying on memory.

Priority guidance is derived from this operational context, not from CVSS alone.

Asset Criticality Exposure Exploit Status Compensating Controls Data Sensitivity Operational Impact

Control Notes

Generate analyst-facing outputs after validating the vector and reviewing context.

CVSS

No assessment generated yet

Parse a valid vector, fill the context fields, and generate outputs to populate this workspace.

Technical meaning of the supplied score or vector characteristics.

Contextual urgency guidance. This is support for analyst judgment, not an automatic decision.

Immediate triage checklist based on the current context.

Plain-language summary for leadership or non-technical stakeholders.

Structured markdown for tickets, handoff, or audit trail use.