# Exploitability

## Exploitability

Given that we found an issue with a CVE, we should first know whether it is reachable (as seen above). But even when it is reachable, **what is the likelihood that it will be exploited?**

We’re continuously drowning in CVEs — including many high-severity CVEs — but **the majority aren’t actually exploitable**. This, of course, makes it difficult to prioritize vulnerabilities and to estimate remediation efforts.

CVEs come with a “metric” for such exploitability (based on CVSS). **CVSS** scores vulnerabilities based on their characteristics and potential impact but **doesn't consider real-world threat data**. Conversely, **EPSS** forecasts rely on up-to-the-minute **risk intelligence** from the CVE repository and **empirical data** about **real-world attacks on systems**.

While CVSS measures the inherent (theoretical) severity of a vulnerability, EPSS predicts the likelihood of exploitation based on empirical data.

<figure><img src="/files/39I6vBrquHgnIRBxIT5Z" alt=""><figcaption></figcaption></figure>

In this context, although Xygeni scores the severity of a CVE issue based on CVSS, the **Exploitability criterion adds a more reliable filter to the funnel**, removing those issues with a low likelihood of exploitation.

{% hint style="info" %}
***Exploitability*** should be considered a main criterion for **vulnerability prioritization** (see [Prioritization Funnels](/introduction-to-xygeni/prioritization-funnels.md))
{% endhint %}
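As an added illustration (not Xygeni's own code), here is how such a funnel can be applied to a scanner's findings: the reachability check first, then EPSS as the exploitability filter, with severity taken from CVSS. The EPSS reply is a constructed sample in the shape of the FIRST EPSS API; the CVE ids, scores and the 10% threshold are assumed placeholders.

```python
import json
from dataclasses import dataclass

# Constructed sample in the shape of a FIRST EPSS API reply
# (assumed fields: cve, epss, percentile, all as strings).
EPSS_REPLY = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-0000-0001", "epss": "0.00412", "percentile": "0.71"},
        {"cve": "CVE-0000-0002", "epss": "0.93100", "percentile": "0.99"},
        {"cve": "CVE-0000-0003", "epss": "0.45000", "percentile": "0.97"},
    ],
})

@dataclass(frozen=True)
class Finding:
    cve: str          # placeholder identifier, not a real CVE
    cvss: float       # CVSS base score: inherent (theoretical) severity
    reachable: bool   # outcome of the reachability check described earlier

# Constructed findings; note the 9.8 that is reachable but hardly ever exploited.
FINDINGS = [
    Finding("CVE-0000-0001", 9.8, True),    # high CVSS, low EPSS  -> filtered out
    Finding("CVE-0000-0002", 7.5, True),    # medium CVSS, high EPSS -> top of the list
    Finding("CVE-0000-0003", 8.1, False),   # not reachable -> never enters the funnel
    Finding("CVE-0000-0004", 6.5, True),    # no EPSS data yet -> kept, marked unknown
]

def parse_epss(raw: str) -> dict:
    """Map CVE id -> EPSS probability from an API-style JSON document."""
    return {row["cve"]: float(row["epss"]) for row in json.loads(raw)["data"]}

def prioritize(findings, epss_by_cve, threshold=0.1):
    """Funnel: keep reachable findings whose EPSS is >= threshold (or unscored,
    since missing data is not evidence of non-exploitability), ranked by EPSS
    probability and then CVSS. Returns (cve, cvss, epss_or_None) tuples."""
    kept = []
    for f in findings:
        if not f.reachable:
            continue
        p = epss_by_cve.get(f.cve)
        if p is not None and p < threshold:
            continue
        kept.append((f.cve, f.cvss, p))
    kept.sort(key=lambda t: (-(t[2] if t[2] is not None else 0.0), -t[1]))
    return kept

if __name__ == "__main__":
    for cve, cvss, p in prioritize(FINDINGS, parse_epss(EPSS_REPLY)):
        print(f"{cve}  CVSS={cvss}  EPSS={'n/a' if p is None else p}")
```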

You can view the EPSS Score associated with a vulnerability in the Vulnerability Details section.

<figure><img src="/files/8beuBHrfVEhvBuGYbDTX" alt=""><figcaption></figcaption></figure>
