CVSS v4 is the fourth version of the Common Vulnerability Scoring System, a standard way to rate how severe a software vulnerability is. It turns technical details into a numeric score so defenders can compare issues and decide what to patch first. Version 4 is more expressive than older versions because it can reflect not only how a flaw works in theory, but also conditions in the real environment where it is deployed.
That matters in security operations because a vulnerability may be critical only when a specific service, credential setup, privilege model, or network exposure exists. Attackers look for those enabling conditions to turn a bug into access, while defenders use CVSS v4 to separate broadly dangerous flaws from ones that become risky only in certain deployments. The score helps prioritize work, but it does not replace hands-on validation, configuration review, or patching.