09-10-2025 06:11 PM
Hello PaloAlto Networks Team,
What version of CVSS is listed in Palo Alto Networks Security Advisories?
Please tell me which version it is, such as CVSS v3 or v4.
Regards,
09-11-2025 02:52 AM
Hi @Y.Narita347153 ,
Palo Alto Networks has adopted CVSS v4.0 as its primary scoring system for new security advisories.
While older advisories still list scores using CVSS v3.1, all new advisories now feature the updated CVSS v4.0 metrics and a vector string, in addition to other context-specific ratings like Urgency, Response Effort, and Recovery.
Source: https://www.paloaltonetworks.com/product-security-assurance
"We use CVSS version 4.0 (CVSS-B, and CVSS-BT scores) to score vulnerabilities and consider several factors such as active exploitation, customer exposure, and public disclosure timelines while prioritizing response actions for issues. The Base Score (CVSS-B) reflects the severity of a vulnerability according to its intrinsic characteristics which are constant over time. The Threat Metrics (CVSS-BT) adjust the severity of a vulnerability based on factors, such as the availability of proof-of-concept code or active exploitation."
Hope this helps,
-Kim.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
