About EPSS exploitability metrics in Minimus advisories
EPSS, the Exploit Prediction Scoring System, is a daily estimate of the probability that a vulnerability will be exploited in the wild over the next 30 days. An EPSS probability score is given on a scale of 0% to 100%, where the higher the EPSS score, the higher the probability of exploitation in the wild.
Only around 5% of all vulnerabilities are ever exploited in the wild. This can make EPSS scores hard to interpret, since a seemingly low probability score can still have a high rank. About 88% of vulnerabilities have an EPSS probability score of 10% or lower. An EPSS probability of 25% puts the vulnerability in the 95th percentile, and a probability of 50% is in the 98th percentile (ref). The distribution of EPSS scores can help convey this information more intuitively.
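The relationship between probability and rank described above, as an added example that is not part of the Minimus documentation: it ranks an EPSS probability against a population of scores and triages findings by percentile instead of raw probability. The 100-score population is constructed to reproduce the figures quoted above, and the finding identifiers and function names are placeholders chosen for this example.

```python
from bisect import bisect_right


def percentile_rank(population, probability):
    """Percentage (0-100) of scores in `population` that are <= `probability`."""
    if not population:
        raise ValueError("population must contain at least one score")
    ordered = sorted(population)
    return 100.0 * bisect_right(ordered, probability) / len(ordered)


def triage(findings, population, min_percentile=95.0):
    """Keep findings ranked at or above `min_percentile`, highest probability first.

    `findings` is a list of (identifier, epss_probability) pairs.
    Returns (identifier, probability, percentile) tuples.
    """
    ranked = [(fid, p, percentile_rank(population, p)) for fid, p in findings]
    kept = [row for row in ranked if row[2] >= min_percentile]
    return sorted(kept, key=lambda row: row[1], reverse=True)


# Constructed, right-skewed sample of 100 EPSS probabilities (not real data).
# It is built so that 88 scores are <= 0.10, 95 are <= 0.25 and 98 are <= 0.50.
SAMPLE_POPULATION = (
    [0.001] * 40 + [0.005] * 25 + [0.02] * 15 + [0.08] * 8   # 88 scores <= 0.10
    + [0.15] * 4 + [0.22] * 3                                # 7 more  <= 0.25
    + [0.30] * 2 + [0.45] * 1                                # 3 more  <= 0.50
    + [0.60] * 1 + [0.95] * 1                                # the top 2
)

# Constructed findings; the identifiers are placeholders, not real CVE numbers.
SAMPLE_FINDINGS = [
    ("CVE-EXAMPLE-0001", 0.04),
    ("CVE-EXAMPLE-0002", 0.25),
    ("CVE-EXAMPLE-0003", 0.60),
]

if __name__ == "__main__":
    for p in (0.10, 0.25, 0.50):
        print(f"probability {p:.2f} -> percentile {percentile_rank(SAMPLE_POPULATION, p):.0f}")
    # A raw "probability >= 0.50" filter would drop CVE-EXAMPLE-0002,
    # although it ranks in the 95th percentile of this population.
    for fid, p, pct in triage(SAMPLE_FINDINGS, SAMPLE_POPULATION):
        print(f"{fid}: probability {p:.2f}, percentile {pct:.0f}")
```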