We’re excited to share that EPSS (Exploit Prediction Scoring System) scoring is now available in Upwind’s Vulnerability Management module. This brings data-driven exploit likelihood insights directly into your vulnerability workflows, helping teams prioritize remediation based on real-world risk rather than theoretical severity alone.

What Is EPSS?

Security teams face thousands of vulnerabilities each week. The challenge isn’t finding them; it’s determining which ones pose the most immediate threat. Traditional scoring systems like CVSS focus on the potential impact of a vulnerability, which is valuable, but they don’t address how likely it is to be exploited. EPSS was designed to bridge that gap.

Developed by the FIRST community (Forum of Incident Response and Security Teams), EPSS uses machine learning and data analytics to predict the probability that a vulnerability will actually be exploited in the wild. The model evaluates signals including:

  • Observed exploit activity across the internet
  • Vulnerability characteristics like CVSS metrics, publication date, and vendor information
  • Known exploit sources, repositories, and attack trends

Each CVE receives a score between 0 and 1, representing exploitation likelihood. For example, a score of 0.7 indicates a 70% probability the vulnerability will be exploited in the near term.


For security teams, that means:

  • Smarter Prioritization. While CVSS tells you how severe a vulnerability could be, EPSS indicates how likely it is to be weaponized. Thousands of vulnerabilities carry “high” or “critical” CVSS ratings, but only a small subset are actively targeted. EPSS helps identify which ones warrant immediate attention.
  • More Efficient Resource Allocation. Security teams can focus time and resources on vulnerabilities with the highest likelihood of exploitation, improving both efficiency and overall security posture.
  • Better Context for Decision-Making. When paired with Upwind’s runtime visibility and environmental context, EPSS enables decisions that reflect both how exploitable and how exposed each asset actually is.

Upwind provides an EPSS score of 0.0412, meaning that there is a low probability of this CVE being exploited

A More Complete View of Risk with Upwind

The real power of EPSS emerges when you combine it with other risk signals. When you layer exploit probability (EPSS), severity (CVSS), and Upwind’s runtime context together, you can answer the questions that actually matter:

  • How severe is this vulnerability? (CVSS)
  • How likely is it to be exploited? (EPSS)
  • Is this vulnerable component running in our environment and is it exposed to the internet? (Runtime context)

This layered approach means you’re not just reacting to vulnerability scanners flagging thousands of issues. You’re identifying the specific vulnerabilities that represent genuine risk to your organization: the ones that are both dangerous and actively being weaponized, running in your environment, and accessible to attackers.


This means that remediation efforts are focused and aligned with real-world threats. Instead of addressing vulnerabilities in severity order and hoping you’re tackling the right ones, you can confidently prioritize based on which issues pose the most immediate danger to your specific infrastructure. EPSS scoring is now integrated into vulnerability findings within the Upwind Platform, appearing alongside existing vulnerability details.

Upwind provides EPSS scores in context, allowing you to get a more complete view of risk without leaving the Platform.

EPSS Scoring Now Available Throughout the Upwind Platform

EPSS scoring is now deeply woven into the Upwind Platform, giving teams instant visibility into exploit likelihood wherever they investigate vulnerabilities. Whether you’re reviewing findings, examining a resource, or drilling into a specific package, the EPSS score is surfaced directly within your workflow – right alongside the contextual details you already rely on.

As you move through the platform, EPSS appears naturally in the places where prioritization decisions happen:

  • Findings views across CVEs, resources, images, and packages
  • Vulnerability side panel, with EPSS surfaced alongside key details
  • Package side panel, showing EPSS within the CVE context
  • Resource side panel, where vulnerability insights include exploit likelihood
  • CVE floating card, displaying EPSS next to severity, exposure, and runtime context

The result is simple but powerful: no more jumping between tools or cross-referencing external databases. Upwind brings exploit likelihood into every corner of your investigation process, so you can immediately understand how real, how urgent, and how relevant a vulnerability is, without ever leaving the platform.

Upwind displays EPSS scores of specific package-related CVEs in context

See it Live

Want to see how EPSS scoring can transform your vulnerability management workflow? Schedule a demo to explore how Upwind combines exploit prediction, severity scoring, and runtime context to help you focus on the vulnerabilities that matter most.