Why do risk levels matter?
Not all vulnerabilities are equal. Some expose you to real, immediate threats. Others are minor misconfigurations or informational findings.
Tresal uses risk levels to help you:
• Focus on what matters most
• Take action based on impact
• Track progress as you reduce risk over time
The five risk levels
🔥 Critical
Immediate threat. High risk.
Issues that are likely to be exploited or already targeted by attackers.
Examples:
• Publicly exposed admin panels
• Remote code execution vulnerabilities
• Leaked credentials
Action: Fix these as soon as possible.
🔴 High
Serious issues that could compromise your systems.
These may not be actively exploited, but they expose important attack vectors.
Examples:
• Open databases
• Known vulnerable software versions
• Broken authentication setups
Action: Address quickly in your next sprint or security cycle.
🟠 Medium
Moderate security risk.
Often related to configuration, missing best practices, or non-critical exposures.
Examples:
• Missing SPF/DMARC records
• Open ports with known services
• Security headers not set
Action: Schedule these for resolution; they stack up over time.
🟡 Low
Minor exposure or weak points.
Typically informational or low-impact issues.
Examples:
• Open ports with unknown services
• Minor SSL warnings
Action: Fix if possible, especially if it’s easy or part of a bigger fix.
🔵 Info
Informational only. No direct risk.
Useful technical details that don’t require action but may help with context.
Examples:
• Technology fingerprints
• Detected metadata
• DNS records
Action: None needed.
✅ Best practice
Start by resolving Critical and High findings.
Fixing these has the biggest impact on your security posture and reduces your attack surface fastest.
Need help prioritizing your findings?
Reach out to our team or use filters in your dashboard to triage based on risk level.