Severity Rating System

NYOXA LABS uses severity to help clients prioritize action based on exploitability, exposure, business impact, and remediation urgency.

Critical

A vulnerability or exposure that could lead to immediate or severe business impact, such as unauthorized access to sensitive data, administrative compromise, or direct exploitation of business-critical systems.

Recommended action: Immediate fix or emergency mitigation.

High

A significant security issue that could enable account compromise, sensitive data access, privilege escalation, or serious abuse if exploited.

Recommended action: Prioritize fix as soon as possible.

Medium

A moderate security issue, configuration weakness, or exposure that increases risk but may require additional conditions to create serious impact.

Recommended action: Fix in the next planned remediation cycle.

Low

A low-risk issue or hardening improvement that should be addressed to improve overall security posture.

Recommended action: Fix when practical.

Informational

A security observation, best-practice note, or improvement suggestion without immediate confirmed exploitability.

Recommended action: Review and consider.

Secure / Passed

A tested area that appears properly protected within the assessment scope, or a previously reported issue that has been fixed after retesting.