Axonius Documentation
  1. Asset Cloud
  2. Exposures

Axonius Vulnerability Score (AVS)

Axonius Vulnerability Score (AVS) is a risk score assigned to vulnerabilities that helps customers prioritize vulnerabilities based on considerations beyond raw severity, including real-world exploitability and expected impact.

Scope

  • AVS applies to any CVE documented in NVD, meaning any CVE that enters the pipeline using NVD enrichment.
  • AVS applies to the following asset types: Security Findings, Aggregated Security Findings, and Security Finding Instances (across all assets).
  • AVS data is visible in the Vulnerability Repository.

A vulnerability's AVS is calculated by combining multiple external data sources with Axonius research and enrichment outputs, using the Vulnerability Score Pipeline. After processing the relevant data from all sources, Axonius evaluates and ranks key risk drivers, such as:

Risk Driver

Parameters

Exploit maturity and evidence

  • Whether the CVE is known exploited (for example, KEV-style signals)
  • Whether proof-of-concept exploits exist

Attack feasibility

  • Required access level (unauthenticated vs authenticated)
  • Access complexity or prerequisites (special configuration, user interaction, local access, privileges)
  • Whether exploitation depends on uncommon environmental conditions

Impact potential

  • The technical outcome: remote code execution, privilege escalation, sensitive data exposure, denial of service; and whether the vulnerability enables direct control, persistence, or lateral movement

Product / component context

  • The type of the affected component (library, product, operating system, or control-plane component)
  • Prevalence and universality of the vulnerable component - how widely deployed it is assumed to be
  • Whether the affected component is open-source or commonly perimeter-facing (gateway, firewall, or proxy class)

Reference strength

  • The number of sources referencing exploitation or PoCs and their credibility
  • Consistency across sources: multiple independent confirmations increases confidence

After evaluating all these and many more parameters, the module produces a single numeric score and an explanation that highlights the strongest drivers behind that score.

🚧

Notes

  1. AVS is computed using Axonius-enriched CVE data and trusted external or public sources,. It does not use data from customer-specific environments as part of the scoring logic
  2. This product uses the NVD API, however it is not endorsed or certified by the NVD.

A Summary of the Vulnerability Score Pipeline

The Vulnerability Score Pipeline is a comprehensive data processing system that enhances raw CVE (Common Vulnerabilities and Exposures) data from the National Vulnerability Database (NVD) with intelligence from multiple external sources and AI-powered analysis. The pipeline transforms basic CVE records into enriched vulnerability assessments that include exploit intelligence, product identification, security context, and threat intelligence.

See Fields Used in AVS Calculation for the full list of fields used to calculate the final AVS, their impact, and their contribution to the risk level (increasing/decreasing).

Key capabilities of the pipeline:

  • Multi-source data aggregation from 6+ external APIs
  • AI-powered vulnerability analysis using Large Language Models (LLMs)
  • Exploit maturity assessment and threat intelligence
  • Product security classification and prevalence scoring
  • Automated reference consolidation and categorization

The general pipeline flow is as follows:

  1. Base Layer: NVD data fetching and parsing
  2. Sources: External data enrichment
  3. Pre-Processing: Data consolidation
  4. LLM Stage: AI-powered analysis
  5. Post-Processing: Final aggregation and maturity assessment

Read More

Data Sources and Attributions

How Axonius Leverages AI in AVS

Fields Used in AVS Calculation

Viewing AVS Data

Updated 1 day ago