How to assess the bug severity base on the capabilities better?

[tiedaoxiaotubie]

We designed and provided a threat model in our paper, the code can be found in the repository. But, I always wondering if there is any better solution for assessing the bug severity based on the bug capabilities? For example, we set the parameters in our current threat model by seeking advice from experts, we also adjusted the parameters' value by comparing existing severity results, can we do it in a more automatic or clever way? Maybe using big data training? Trying it with ChatGPT or something else?