I think I have found an error in the episode mentioned above when you talk about the CVSS Base Score Categorization (otherwise known as severity ratings).
You say that when the base score is equal or greater than 6.0 but less than 10.0, it is considered as medium. Whereas critical equals to 10.0.
But actually, in the CVSS specification, there wasn't any severity rating given to the score in version 2.0. See this page.
On the other hand, CVSSv3.0 has the ratings Low, Medium, High, and Critical. Critical starting from 9.0 up until 10.0. See the specification documentation here.
What is confusing, though, is that NIST gives their own severity ratings for version 2, but critical doesn't exist. See this page under NVD Vulnerability Severity Ratings.
Could you confirm please?
By the way, who is the official source for the CVSS specification?