> ## Documentation Index
> Fetch the complete documentation index at: https://docs.minimus.io/llms.txt
> Use this file to discover all available pages before exploring further.

# EPSS Exploitability Metrics

> About EPSS exploitability metrics in Minimus advisories

EPSS, the Exploit Prediction Scoring System, is a daily estimate of the probability that a vulnerability will be exploited in the wild over the next 30 days. An EPSS probability score is given on a scale of 0% to 100%, where the higher the EPSS score, the higher the probability of exploitation in the wild.

## EPSS probability score & rank

Only around 5% of all vulnerabilities are ever exploited in the wild. This can make it hard to interpret EPSS scores, since seemingly low probability scores will have a high rank. About 88% of vulnerabilities have an EPSS probability score of 10% or lower. An EPSS probability of 25% puts the vulnerability in the 95th percentile, and a probability of 50% is in the 98th percentile ([ref](https://www.first.org/epss/articles/prob_percentile_bins)).

The distribution of EPSS scores can help convey this information more intuitively.

<img src="https://mintcdn.com/gutsy-6162adbc/FM7VH7b6fP7agbL4/epss-probability.png?fit=max&auto=format&n=FM7VH7b6fP7agbL4&q=85&s=15fba2a2dde43f56caadf92f175da8b9" alt="EPSS probability distribution" width="1117" height="460" data-path="epss-probability.png" />

## Exploitability label

In Minimus, vulnerabilities with an EPSS score above 60% are labeled as **Likely exploit**.

<Info>
  If a CVE is both on the CISA KEV list and also has a high EPSS score, it will only show the **active exploit** label.
</Info>