# Scoring Explained

In Catchify, each finding is scored based on **Risk** and **Criticality** to help you prioritize what matters most. These scores are set by our assigned pentester, aligned with your organization’s risk profile.

### 🔍 Scoring Breakdown

* **Severity** – Reflects the urgency of the issue based on its potential impact
* **Impact** – Describes how serious the consequences would be if exploited
* **Likelihood** – How likely the vulnerability is to be successfully exploited
* **CVSS** – A standardized score (0–10) that combines impact and likelihood into a single risk number

> **CVSS**: A higher score means the issue is more critical and should be prioritized for remediation.

<figure><img src="/files/6DTIcIInpAKx5toyvCRS" alt=""><figcaption></figcaption></figure>

These scores are visualized in the Risk Matrix inside your Catchify portal, giving you a clear view of which vulnerabilities need urgent attention.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.catchify.sa/portal-guide/findings-management/scoring-explained.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.