How to read EPSS

Hi everyone,

Noob here... I'm investigating CVE-2022-36067 because one of our applications claims to be using a component called vm2 - NVD has this vulnerability at a 10.0. Next thing I did was to put the CVE into EPSS ([https://api.first.org/data/v1/epss?cve=CVE-2022-36067](https://api.first.org/data/v1/epss?cve=CVE-2022-36067)) and saw what seems to be pretty conflicting information:

\- EPSS: 0.05634 (on a scale of 0 to 1, which struck me as very low)

\- Probability: 0.89865 (which seems very high)

I guess what I'm asking for is any …

blueteamsec