diff --git a/ee/app/models/ee/vulnerability.rb b/ee/app/models/ee/vulnerability.rb
index 2b1436c08a8d6426dcdf34e496508c6750ea429f..57465c98b5533a04bf6a0f50828d9583f19025bc 100644
--- a/ee/app/models/ee/vulnerability.rb
+++ b/ee/app/models/ee/vulnerability.rb
@@ -192,6 +192,10 @@ def with_vulnerability_links
 
       delegate :dismissal_reason, to: :vulnerability_read, prefix: true, allow_nil: true
 
+      def cvss_vectors_with_vendor
+        cvss.map { |cvss| "#{cvss['vendor']}=#{cvss['vector']}" }
+      end
+
       def full_path
         "#{project.full_path}/#{id}"
       end
diff --git a/ee/app/services/vulnerability_exports/exporters/csv_service.rb b/ee/app/services/vulnerability_exports/exporters/csv_service.rb
index f522f5323fcd1374e0c8662d0c89e05add1e69ae..95b4a1c86277e8223d0b5e8573b97d5399007ee1 100644
--- a/ee/app/services/vulnerability_exports/exporters/csv_service.rb
+++ b/ee/app/services/vulnerability_exports/exporters/csv_service.rb
@@ -9,7 +9,7 @@ class CsvService
       # to be removed with https://gitlab.com/gitlab-org/gitlab/-/issues/412114
       NIL_FORMATTER = ->(_) { nil }
 
-      CVSS_FORMATTER = ->(v) { v&.cvss&.map { |e| e.values.join('=') }&.to_csv(col_sep: CSV_DELIMITER, row_sep: '') }
+      CVSS_FORMATTER = ->(v) { v&.cvss_vectors_with_vendor&.to_csv(col_sep: CSV_DELIMITER, row_sep: '') }
 
       attr_reader :vulnerabilities
 
diff --git a/ee/spec/models/ee/vulnerability_spec.rb b/ee/spec/models/ee/vulnerability_spec.rb
index e23e220997f10328cfe23bd3736837bc0839a3fa..681b25af5d0e034d3875fb53a4fac8ed05347cd1 100644
--- a/ee/spec/models/ee/vulnerability_spec.rb
+++ b/ee/spec/models/ee/vulnerability_spec.rb
@@ -562,6 +562,16 @@
     end
   end
 
+  describe '#cvss_vectors_with_vendor' do
+    subject { vulnerability.cvss_vectors_with_vendor }
+
+    before do
+      vulnerability.cvss = [{ vector: 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N', vendor: 'GitLab' }]
+    end
+
+    it { is_expected.to match_array(['GitLab=CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N']) }
+  end
+
   describe '#full_path' do
     let(:project) { build(:project) }
     let(:vulnerability) { build(:vulnerability, id: 1, project: project) }
diff --git a/ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb b/ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb
index c9621143806ff74a5e22c0cb5a385fa2e7c85cd8..41b004f1050b3c1f56e2e8afb019134f29f79529 100644
--- a/ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb
+++ b/ee/spec/services/vulnerability_exports/exporters/csv_service_spec.rb
@@ -47,7 +47,7 @@
       end
 
       context 'when a project belongs to a group' do
-        let_it_be(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
+        let_it_be_with_refind(:vulnerability) { create(:vulnerability, :with_findings, project: project) }
         let_it_be(:note) { create(:note, project: project, noteable: vulnerability, note: "a\nb") }
 
         it 'includes proper values for each column type', :aggregate_failures do