Is there a public exploit available? - Is the vulnerability being actively exploited in the wild (check CISA KEV)? - What skill level is required for exploitation? - Does exploitation require authentication or user interaction?