CVSS v3.1, the Common Vulnerability Scoring System, is a standardized way to rate how severe a software vulnerability is. It turns technical properties of a flaw into a numeric score from 0.0 to 10.0 and a vector that explains the factors behind the rating, such as attack vector, required privileges, user interaction, and impact on confidentiality, integrity, and availability.
In cyber security, CVSS helps defenders prioritize patching and triage. A high score does not always mean an exploit is active, but it does indicate that the weakness could have serious consequences if reachable. For example, a command-injection flaw in a management interface may score in the Critical range when it can lead to remote code execution with elevated privileges. Security teams use the score alongside exposure, asset criticality, and compensating controls to decide what to fix first. CVSS is a useful baseline, but it should be treated as one input to risk assessment, not the whole decision.



