Vulnerability Management: Towards better vulnerability prioritisation, an automated proof of concept
2024 (English) Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]
Managing information technology security risk is challenging and relies heavily on the vulnerability assessment process within an organisation's vulnerability management strategy. The common vulnerability scoring system is the de facto standard for prioritising vulnerabilities during the vulnerability assessment process, but its reliance on an external threat context makes it unjustifiable for determining the practical risk of vulnerabilities in a specific information system. Alternative methods, such as Tenable's vulnerability priority rating and the exploitability prediction scoring system, also fall short because they predict vulnerability exploitability from external data only. This highlights an existing challenge: the lack of a comprehensive method for determining the practical risk of a vulnerability during the vulnerability assessment process. This study proposes automated vulnerability exploitability tests (exploit-t) as a vulnerability risk assessment method that improves risk-based prioritisation using internal exploitability threat intelligence. The study employs a design science research framework, with experiments in a virtual network environment that simulate and validate the proposed method. The proposed method produces a score code-named bukirwa_score, a risk score that indicates the practical risk of a vulnerability based on its severity and on the existing security controls and measures. Results show that the proposed vulnerability risk assessment method can reduce the number of high-priority vulnerabilities by assessing their risk more accurately. The technique demonstrates improvements in vulnerability prioritisation and provides a more practical risk score and rating that are both explainable and justifiable.
Place, publisher, year, edition, pages
2024.
Keywords [en]
vulnerability, prioritisation, risk, exploitability, severity, criticality, penetration testing, assessment, automation, management, score, threat, rating, practical
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:su:diva-242844
OAI: oai:DiVA.org:su-242844
DiVA, id: diva2:1955777
2025-04-30