Exploitability Analysis
CVSS alone doesn't tell you if the vulnerability is actually weaponized. Use public exploit databases to refine urgency.
Weaponization Happens Fast
Modern exploits move from PoC to automated tooling in days, not weeks. Monitor GitHub, Twitter, and exploit-db. When PoC code appears, assume weaponization within 48 hours.
Exploit Maturity Spectrum
```mermaid
flowchart LR
    A["Proof of Concept<br/>(Research)"] -->|"Days-weeks"| B["Public Exploit Available<br/>(Published)"]
    B -->|"Days-weeks"| C["Tools Updated<br/>(Automated)"]
    C -->|"Days"| D["In-the-Wild Exploitation<br/>(Active)"]
    %% Ghostty Hardcore Theme
    style A fill:#66d9ef,color:#1b1d1e
    style B fill:#a6e22e,color:#1b1d1e
    style C fill:#fd971e,color:#1b1d1e
    style D fill:#f92572,color:#1b1d1e
```
Action Mapping:
| Maturity | Timeline | Response |
|---|---|---|
| Research only | Alert issued today | 30-day window |
| Public PoC available | 2-7 days to tooling | 1-week window |
| Tools actively updated | 1-3 weeks | 3-day window |
| In-the-wild exploitation | Starting now | 24-hour window |
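One way to turn the table into remediation deadlines, as an added example that is not part of the original page. The `Signals` record and `triage` function are hypothetical names; the code assumes each window starts when its stage is first observed, and that a PoC older than 48 hours with no confirmed tooling is treated as the "tools actively updated" stage.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Response windows from the Action Mapping table, least to most mature.
WINDOWS = {
    "research": timedelta(days=30),
    "public_poc": timedelta(days=7),
    "tooling": timedelta(days=3),
    "in_the_wild": timedelta(hours=24),
}
ORDER = list(WINDOWS)
ASSUME_TOOLING_AFTER = timedelta(hours=48)  # "assume weaponization within 48 hours"

@dataclass
class Signals:  # hypothetical record, filled in from the sources an analyst monitors
    cve: str
    alert_issued: datetime
    poc_published: Optional[datetime] = None
    tooling_seen: Optional[datetime] = None
    exploited_seen: Optional[datetime] = None

def triage(s: Signals, now: datetime):
    """Return (most mature stage, remediation deadline, overdue?)."""
    # Assumption: each window starts when its stage was first observed.
    observed = [("research", s.alert_issued)]
    if s.poc_published:
        observed.append(("public_poc", s.poc_published))
        assumed = s.poc_published + ASSUME_TOOLING_AFTER
        if s.tooling_seen is None and now >= assumed:
            # No tooling confirmed yet, but the PoC is over 48 hours old.
            observed.append(("tooling", assumed))
    if s.tooling_seen:
        observed.append(("tooling", s.tooling_seen))
    if s.exploited_seen:
        observed.append(("in_the_wild", s.exploited_seen))
    stage = max((name for name, _ in observed), key=ORDER.index)
    # Escalation can only pull the deadline in, never push it out.
    deadline = min(seen + WINDOWS[name] for name, seen in observed)
    return stage, deadline, now > deadline

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample data
    s = Signals("CVE-2024-XXXXX", t0, poc_published=t0 + timedelta(days=2))
    for day in (3, 5):
        print(day, triage(s, t0 + timedelta(days=day)))
```

Re-running `triage` on a schedule matters because the stage can change with no new signal: the same record moves from a 1-week to a 3-day window once the PoC passes the 48-hour mark.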
Checking Exploit Status
Tools to Check:
- Exploit-DB
- NVD - CVE Details
- GitHub Issues in vulnerable repos
- Security mailing lists
- X/Twitter security researchers (if monitoring alerts)
Query Pattern:
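```bash
# Check for public exploit code. The code search API rejects unauthenticated
# requests; GITHUB_TOKEN is assumed to hold a personal access token.
curl -s -H "Authorization: Bearer $GITHUB_TOKEN" \
  "https://api.github.com/search/code?q=CVE-2024-XXXXX" | jq '.total_count'
# List candidate PoC repositories, one query per language
gh search repos "CVE-2024-XXXXX" --language go
gh search repos "CVE-2024-XXXXX" --language python
```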
References
Exploit availability changes urgency. Monitor exploit maturity, not just CVSS.