loading
Loading content
loading
An exploit turns a vulnerability from a theoretical weakness into a working attack. It is the code or sequence of steps that abuses a flaw to force unintended behavior: executing attacker commands, bypassing authentication, reading memory it should not reach, or crashing a service. A vulnerability describes the bug; the exploit is the part that takes advantage of it.
Exploits range widely in maturity. Some exist only as a proof-of-concept that demonstrates the flaw is real, while others are reliable, weaponized payloads packaged into frameworks for repeatable use. The Log4Shell flaw (CVE-2021-44228) moved from disclosure to public, reliable exploits within days, which is why exploit availability drives prioritization more than a severity score alone.
For offensive work, knowing an exploit exists for a given CVE changes the math. A flaw with a public exploit is far more likely to be hit, and a zero-day with a private exploit is the hardest case to defend against. Many exploits chain into privilege escalation to convert initial access into full control.
In a Trickest workflow, you enrich scan findings with exploit availability so triage promotes the assets where a usable exploit already exists.
Related terms