{"id":"https://openalex.org/W7123736299","doi":"https://doi.org/10.1109/iscc65549.2025.11326354","title":"Can LLMs Classify CVEs? Investigating LLMs Capabilities in Computing CVSS Vectors","display_name":"Can LLMs Classify CVEs? Investigating LLMs Capabilities in Computing CVSS Vectors","publication_year":2025,"publication_date":"2025-07-02","ids":{"openalex":"https://openalex.org/W7123736299","doi":"https://doi.org/10.1109/iscc65549.2025.11326354"},"language":null,"primary_location":{"id":"doi:10.1109/iscc65549.2025.11326354","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscc65549.2025.11326354","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE Symposium on Computers and Communications (ISCC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071242130","display_name":"Francesco Marchiori","orcid":"https://orcid.org/0000-0001-5282-0965"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Francesco Marchiori","raw_affiliation_strings":["University of Padova,Department of Mathematics,Padua,Italy"],"affiliations":[{"raw_affiliation_string":"University of Padova,Department of Mathematics,Padua,Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003312690","display_name":"Denis Donadel","orcid":"https://orcid.org/0000-0002-7050-9369"},"institutions":[{"id":"https://openalex.org/I119439378","display_name":"University of Verona","ror":"https://ror.org/039bp8j42","country_code":"IT","type":"education","lineage":["https://openalex.org/I119439378"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Denis Donadel","raw_affiliation_strings":["University of Verona,Department of Computer Science,Verona,Italy"],"affiliations":[{"raw_affiliation_string":"University of Verona,Department of Computer Science,Verona,Italy","institution_ids":["https://openalex.org/I119439378"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5009516310","display_name":"Mauro Conti","orcid":null},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Mauro Conti","raw_affiliation_strings":["University of Padova,Department of Mathematics,Padua,Italy"],"affiliations":[{"raw_affiliation_string":"University of Padova,Department of Mathematics,Padua,Italy","institution_ids":["https://openalex.org/I138689650"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5071242130"],"corresponding_institution_ids":["https://openalex.org/I138689650"],"apc_list":null,"apc_paid":null,"fwci":3.5342,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.95241122,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6218000054359436,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6218000054359436,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.14659999310970306,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.06279999762773514,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/prioritization","display_name":"Prioritization","score":0.5544000267982483},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5230000019073486},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.4359000027179718},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.3578999936580658},{"id":"https://openalex.org/keywords/rubric","display_name":"Rubric","score":0.34549999237060547},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.34290000796318054}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6165000200271606},{"id":"https://openalex.org/C2777615720","wikidata":"https://www.wikidata.org/wiki/Q11888847","display_name":"Prioritization","level":2,"score":0.5544000267982483},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5268999934196472},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5230000019073486},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4648999869823456},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.4359000027179718},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3831999897956848},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3580000102519989},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.3578999936580658},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.34779998660087585},{"id":"https://openalex.org/C111640148","wikidata":"https://www.wikidata.org/wiki/Q847349","display_name":"Rubric","level":2,"score":0.34549999237060547},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.34290000796318054},{"id":"https://openalex.org/C184898388","wikidata":"https://www.wikidata.org/wiki/Q1435712","display_name":"Pairwise comparison","level":2,"score":0.33899998664855957},{"id":"https://openalex.org/C189430467","wikidata":"https://www.wikidata.org/wiki/Q7293293","display_name":"Ranking (information retrieval)","level":2,"score":0.32499998807907104},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.32420000433921814},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2858000099658966},{"id":"https://openalex.org/C94124525","wikidata":"https://www.wikidata.org/wiki/Q912550","display_name":"Categorization","level":2,"score":0.2596000134944916},{"id":"https://openalex.org/C148524875","wikidata":"https://www.wikidata.org/wiki/Q6975395","display_name":"F1 score","level":2,"score":0.25209999084472656}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iscc65549.2025.11326354","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscc65549.2025.11326354","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE Symposium on Computers and Communications (ISCC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5665964484214783,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W2295598076","https://openalex.org/W3210162706","https://openalex.org/W4225658316","https://openalex.org/W4391093223","https://openalex.org/W4402264467","https://openalex.org/W4402264535","https://openalex.org/W4402353169","https://openalex.org/W4407163436","https://openalex.org/W4408566170","https://openalex.org/W4409361036","https://openalex.org/W4411436162"],"related_works":[],"abstract_inverted_index":{"Common":[0,26],"Vulnerability":[1,27],"and":[2,17,36,67,117,158,169],"Exposure":[3],"(CVE)":[4],"records":[5],"are":[6],"fundamental":[7],"to":[8,32,44,57,64,113],"cybersecurity,":[9],"offering":[10],"unique":[11],"identifiers":[12],"for":[13,103],"publicly":[14],"known":[15],"software":[16],"system":[18],"vulnerabilities.":[19,106],"Each":[20],"CVE":[21],"is":[22,61],"typically":[23],"assigned":[24],"a":[25],"Scoring":[28],"System":[29],"(CVSS)":[30],"score":[31,39],"support":[33],"risk":[34],"prioritization":[35],"remediation.":[37],"However,":[38],"inconsistencies":[40],"often":[41],"arise":[42],"due":[43],"subjective":[45,153],"interpretations":[46],"of":[47,53,79,97,166],"certain":[48],"metrics.":[49],"As":[50],"the":[51,77,95,164],"number":[52],"new":[54],"CVEs":[55],"continues":[56],"grow":[58],"rapidly,":[59],"automation":[60],"increasingly":[62],"necessary":[63],"ensure":[65],"timely":[66],"consistent":[68],"scoring.":[69],"While":[70],"prior":[71],"studies":[72],"have":[73],"explored":[74],"automated":[75],"methods,":[76],"application":[78],"Large":[80],"Language":[81],"Models":[82],"(LLMs),":[83],"despite":[84],"their":[85,115],"recent":[86],"popularity,":[87],"remains":[88],"relatively":[89],"underexplored.In":[90],"this":[91],"work,":[92],"we":[93],"evaluate":[94],"effectiveness":[96],"LLMs":[98,139,173],"in":[99,142,150],"generating":[100],"CVSS":[101,144,167],"scores":[102,120],"newly":[104],"reported":[105],"We":[107],"investigate":[108],"various":[109],"prompt":[110],"engineering":[111],"strategies":[112],"enhance":[114],"accuracy":[116],"compare":[118],"LLM-generated":[119],"against":[121],"those":[122],"from":[123],"embedding-based":[124,146,175],"models,":[125],"which":[126],"use":[127],"vector":[128],"representations":[129],"classified":[130],"via":[131],"supervised":[132],"learning.":[133],"Our":[134],"results":[135,181],"show":[136],"that":[137,171],"while":[138],"demonstrate":[140],"potential":[141],"automating":[143],"evaluation,":[145],"methods":[147,176],"outperform":[148],"them":[149],"scoring":[151,168,184],"more":[152,179],"components,":[154],"particularly":[155],"confidentiality,":[156],"integrity,":[157],"availability":[159],"impacts.":[160],"These":[161],"findings":[162],"underscore":[163],"complexity":[165],"suggest":[170],"combining":[172],"with":[174],"could":[177],"yield":[178],"reliable":[180],"across":[182],"all":[183],"components.":[185]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-03-12T08:34:05.389933","created_date":"2026-01-14T00:00:00"}