diff --git a/audits/2024-12-10-X41-D-Sec.md b/audits/2024-12-10-X41-D-Sec.md index b012d6522099..473ae3be56e2 100644 --- a/audits/2024-12-10-X41-D-Sec.md +++ b/audits/2024-12-10-X41-D-Sec.md @@ -65,7 +65,7 @@ Additionally, three issues without a direct security impact were identified. Mullvad implemented fixes for four of the issues during the audit, and released a new version of the app on the affected platforms around the time when we were handed the final audit report. -### __MLLVD-CR-24-01__: Signal Handler Alternate Stack Too Small +### __MLLVD-CR-24-01__: Signal Handler Alternate Stack Too Small (Severity: High) The alternative stack configured for the fault signal handler in `mullvad-daemon` was too small. @@ -88,7 +88,7 @@ immediately mark existing apps as unsupported, but to release a fixed app versio as the audit was complete. We still recommend users on the affected platforms to upgrade to the latest version of the app at their earliest convenience. -### __MLLVD-CR-24-02__: Signal Handler Uses Non-Reentrant Safe Functions +### __MLLVD-CR-24-02__: Signal Handler Uses Non-Reentrant Safe Functions (Severity: High) The fault signal handler in `mullvad-daemon` called functions which are not signal @@ -114,7 +114,7 @@ has been around for multiple years without any practical issues surfacing. So ju `MLLVD-CR-24-01` above, we decided to not release any quick patch release immediately, but instead wait for the audit to finish and release fixes for all audit findings at the same time. -### __MLLVD-CR-24-03__: Virtual IP Address of Tunnel Device Leaks to Network Adjacent Participant +### __MLLVD-CR-24-03__: Virtual IP Address of Tunnel Device Leaks to Network Adjacent Participant (Severity: Medium) The Linux kernel (and consequently Android) by default replies to ARP requests for any local 
@@ -149,7 +149,7 @@ When this has been deployed, the issue will be gone on Android also. [known issues]: ../docs/known-issues.md#MLLVD-CR-24-03 -### __MLLVD-CR-24-04__: Deanonymization Through NAT +### __MLLVD-CR-24-04__: Deanonymization Through NAT (Severity: Medium) All UDP connections from a client to some service on the internet have a corresponding entry in the @@ -192,7 +192,7 @@ Mullvad does not plan to actively mitigate this issue further in the app. The at hard to carry out, and can be prevented further by enabling multihop and/or DAITA. Concerned users can also choose to avoid using UDP to communicate with sensitive services. -### __MLLVD-CR-24-05__: Deanonymization Through MTU +### __MLLVD-CR-24-05__: Deanonymization Through MTU (Severity: Low) This attack is about how an attacker that can both observe a user's tunnel traffic and also @@ -229,7 +229,7 @@ need to protect against. We agree with the severity rating being set to *low* on this issue, since it requires a powerful attacker and only provide them with heuristics to make qualified guesses about who the client is. -### __MLLVD-CR-24-06__: Windows installer runs adjacent taskkill.exe +### __MLLVD-CR-24-06__: Windows installer runs adjacent taskkill.exe (Severity: High) The Windows installer for the Mullvad VPN app invokes `taskkill.exe` in some places to kill
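Review bot: The "(Severity: High)" suffix added to the `MLLVD-CR-24-02` heading in the `@@ -88,7 +88,7 @@` hunk (and likewise to `MLLVD-CR-24-01` in `@@ -65,7 +65,7 @@`) does not say whose rating it is. The surrounding context says the issue "has been around for multiple years without any practical issues surfacing" and that no quick patch release was made, so a reader can take the heading as Mullvad's own assessment and find it at odds with the response described below it. The `MLLVD-CR-24-05` text ("We agree with the severity rating being set to *low*") suggests the ratings originate elsewhere. Suggest stating the source of the ratings once, either in the introduction or in the label itself.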
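Review bot: Every hunk appends the severity to the heading text itself, which changes the anchor that renderers such as GitHub derive from a heading, so any existing deep link to these sections of `audits/2024-12-10-X41-D-Sec.md` would stop resolving. The only fragment link visible in this patch, `../docs/known-issues.md#MLLVD-CR-24-03` in the `@@ -149,7 +149,7 @@` hunk, targets another file and is unaffected, but it is worth searching the repository and any published pages for links to the old heading anchors before merging. Putting the severity on its own line directly under each heading would keep the anchors stable.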
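Review bot: Severity labels are added only to `MLLVD-CR-24-01` through `MLLVD-CR-24-06`, while the context at the top of the `@@ -65,7 +65,7 @@` hunk states that "three issues without a direct security impact were identified". If those three findings have their own headings in this file, give them a matching label as well so the heading format is uniform and a reader scanning the headings does not assume a rating was left out by mistake.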