Free Tool · CVSS v4.0

CVSS v4.0 Calculator

Name: CVSS v4.0 Calculator
Author: BreachVex

Compute base, threat, and environmental scores per the official FIRST.org CVSS v4.0 spec.

See vulnerability examples

SQL Injection IDOR Cross-Site Scripting (XSS)SSRF Command Injection CSRF

Add this calculator to your site

Free to embed. No API key required. Please include attribution.

<!-- CVSS v4.0 Calculator by BreachVex (free, no account required) -->
<iframe src="https://breachvex.com/tools/cvss-calculator/embed" width="480" height="520"
  style="border:1px solid #27272a;border-radius:12px;background:#09090b"
  title="CVSS v4.0 Calculator — BreachVex" allow="clipboard-write"></iframe>

Free tool by breachvex.com

Built by BreachVex — try our AI-driven pentest — proof-of-exploit on every finding. Try BreachVex.

Free Tool · CVSS v4.0

CVSS v4.0 Calculator

Compute base, threat, and environmental scores per the official FIRST.org CVSS v4.0 spec.

Base Metrics

Exploitability

AVAttack Vector

Network

What is this?

Where the attacker must be to exploit the flaw — over the internet (Network), on the same local network (Adjacent), with local access (Local), or physically touching the device (Physical).

ACAttack Complexity

Low

What is this?

How much an attacker has to defeat security measures that aren't under their control. Low means the attack works reliably; High means they must beat extra protections first.

ATAttack Requirements

None

What is this?

Whether the attack needs special conditions that the attacker doesn't control to be in place first, such as a race condition or a particular configuration.

PRPrivileges Required

None

What is this?

What level of account or access the attacker needs before attacking — none at all, a normal user account (Low), or an administrator account (High).

UIUser Interaction

None

What is this?

Whether a victim has to do something for the attack to work — nothing (None), a routine action (Passive), or being tricked into a deliberate action like clicking a link (Active).

Impact

Vulnerable System

VCVulnerable Confidentiality

None

What is this?

How badly the attacked system's secrets could be exposed — full data theft (High), limited leakage (Low), or none.

VIVulnerable Integrity

None

What is this?

How badly an attacker could tamper with or alter data on the attacked system — full control (High), limited changes (Low), or none.

VAVulnerable Availability

None

What is this?

How badly the attacked system's availability could be disrupted — taken fully offline (High), degraded (Low), or not affected (None).

Subsequent System

SCSubsequent Confidentiality

None

What is this?

Confidentiality impact on other systems beyond the one attacked — when the breach spreads and leaks data elsewhere.

SISubsequent Integrity

None

What is this?

Integrity impact on other systems beyond the one attacked — when the breach lets the attacker alter data on downstream systems.

SASubsequent Availability

None

What is this?

Availability impact on other systems beyond the one attacked — when the breach can take down connected services.

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Shareable URL

https://breachvex.com/tools/cvss-calculator?v=CVSS%3A4.0%2FAV%3AN%2FAC%3AL%2FAT%3AN%2FPR%3AN%2FUI%3AN%2FVC%3AN%2FVI%3AN%2FVA%3AN%2FSC%3AN%2FSI%3AN%2FSA%3AN

Embed This Calculator

<iframe src="https://breachvex.com/tools/cvss-calculator/embed?v=CVSS%3A4.0%2FAV%3AN%2FAC%3AL%2FAT%3AN%2FPR%3AN%2FUI%3AN%2FVC%3AN%2FVI%3AN%2FVA%3AN%2FSC%3AN%2FSI%3AN%2FSA%3AN" width="480" height="520" style="border:1px solid #27272a;border-radius:12px;background:#09090b" title="CVSS v4.0 Calculator — BreachVex" allow="clipboard-write"></iframe>

CVSS v4.0 Score

0.0

None

0.04.07.09.010.0

CVSS v3.1 Estimate (rough conversion)

v3.1 Base~0.0

None

Score is low — no remediation guidance triggered.

See vulnerability examples

SQL Injection IDOR Cross-Site Scripting (XSS)SSRF Command Injection CSRF

Add this calculator to your site

Free to embed. No API key required. Please include attribution.

<!-- CVSS v4.0 Calculator by BreachVex (free, no account required) -->
<iframe src="https://breachvex.com/tools/cvss-calculator/embed" width="480" height="520"
  style="border:1px solid #27272a;border-radius:12px;background:#09090b"
  title="CVSS v4.0 Calculator — BreachVex" allow="clipboard-write"></iframe>

Free tool by breachvex.com

Built by BreachVex — try our AI-driven pentest — proof-of-exploit on every finding. Try BreachVex.

Base Metrics

Exploitability

AVAttack Vector

Network

What is this?

Where the attacker must be to exploit the flaw — over the internet (Network), on the same local network (Adjacent), with local access (Local), or physically touching the device (Physical).

ACAttack Complexity

Low

What is this?

How much an attacker has to defeat security measures that aren't under their control. Low means the attack works reliably; High means they must beat extra protections first.

ATAttack Requirements

None

What is this?

Whether the attack needs special conditions that the attacker doesn't control to be in place first, such as a race condition or a particular configuration.

PRPrivileges Required

None

What is this?

What level of account or access the attacker needs before attacking — none at all, a normal user account (Low), or an administrator account (High).

UIUser Interaction

None

What is this?

Whether a victim has to do something for the attack to work — nothing (None), a routine action (Passive), or being tricked into a deliberate action like clicking a link (Active).

Impact

Vulnerable System

VCVulnerable Confidentiality

None

What is this?

How badly the attacked system's secrets could be exposed — full data theft (High), limited leakage (Low), or none.

VIVulnerable Integrity

None

What is this?

How badly an attacker could tamper with or alter data on the attacked system — full control (High), limited changes (Low), or none.

VAVulnerable Availability

None

What is this?

How badly the attacked system's availability could be disrupted — taken fully offline (High), degraded (Low), or not affected (None).

Subsequent System

SCSubsequent Confidentiality

None

What is this?

Confidentiality impact on other systems beyond the one attacked — when the breach spreads and leaks data elsewhere.

SISubsequent Integrity

None

What is this?

Integrity impact on other systems beyond the one attacked — when the breach lets the attacker alter data on downstream systems.

SASubsequent Availability

None

What is this?

Availability impact on other systems beyond the one attacked — when the breach can take down connected services.

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Shareable URL

https://breachvex.com/tools/cvss-calculator?v=CVSS%3A4.0%2FAV%3AN%2FAC%3AL%2FAT%3AN%2FPR%3AN%2FUI%3AN%2FVC%3AN%2FVI%3AN%2FVA%3AN%2FSC%3AN%2FSI%3AN%2FSA%3AN

Embed This Calculator

<iframe src="https://breachvex.com/tools/cvss-calculator/embed?v=CVSS%3A4.0%2FAV%3AN%2FAC%3AL%2FAT%3AN%2FPR%3AN%2FUI%3AN%2FVC%3AN%2FVI%3AN%2FVA%3AN%2FSC%3AN%2FSI%3AN%2FSA%3AN" width="480" height="520" style="border:1px solid #27272a;border-radius:12px;background:#09090b" title="CVSS v4.0 Calculator — BreachVex" allow="clipboard-write"></iframe>

CVSS v4.0 Score

0.0

None

0.04.07.09.010.0

CVSS v3.1 Estimate (rough conversion)

v3.1 Base~0.0

None

Score is low — no remediation guidance triggered.