Skip to content

NIST Introduces Likely Exploited Vulnerabilities (LEV) Metric for Better Threat Prediction

LEV builds upon EPSS, offering more nuanced predictions. It's part of DHS's efforts to reduce risk from known exploited vulnerabilities.

The image is of a notice board. There are few notes on the board.
The image is of a notice board. There are few notes on the board.

NIST Introduces Likely Exploited Vulnerabilities (LEV) Metric for Better Threat Prediction

The U.S. National Institute of Standards and Technology (NIST) has introduced a new metric called Likely Exploited Vulnerabilities (LEV) to help organizations better predict the likelihood of a vulnerability being exploited. This tool builds upon the existing Exploit Prediction Scoring System (EPSS) and aims to provide a more nuanced approach to vulnerability assessment.

LEV offers daily updates on each Common Vulnerability and Exposure (CVE), providing the overall past exploitation probability and additional supportive data. This metric can be used in conjunction with EPSS and Known Exploited Vulnerability (KEV) lists to improve vulnerability prioritization. The latest version of EPSS, EPSS v4, was released in March 2025.

The U.S. Department of Homeland Security (DHS) developed and published LEV on May 19, 20XX, as part of its Binding Operational Directive 22-01 issued on November 3, 2021. This directive mandates reducing the risk of known exploited vulnerabilities, and LEV is a key part of their vulnerability management efforts. However, it's important to note that LEV has an unknown margin of error due to the limitations of EPSS, which does not account for past vulnerability exploitation when generating its scores.

NIST hopes that the LEV white paper will serve as a valuable tool for organizations, helping them to identify opportunities to improve their existing systems for determining vulnerability exploitation. By providing more nuanced predictions, LEV aims to enhance vulnerability management and better protect against potential threats.

Read also:

Latest