
You can use the following frameworks, individually or in combination, to structure the LIKELIHOOD section of vulnerability write-ups.
Threat Agent Factors
The first set of factors relates to the threat agent involved. The goal here is to estimate the likelihood of a successful attack by this group of threat agents. Use the worst-case threat agent.
Motive - How motivated is this group of threat agents to find and exploit this vulnerability?
Opportunity - What resources and opportunities are required for this group of threat agents to find and exploit this vulnerability?
Size - How large is this group of threat agents?
Vulnerability Factors
The next set of factors relates to the vulnerability involved. The goal here is to estimate the likelihood of this particular vulnerability being discovered and exploited. Assume the threat agent selected above.
Ease of Exploit - How easy is it for this group of threat agents to actually exploit this vulnerability?
Awareness - How well known is this vulnerability to this group of threat agents?
Intrusion Detection - How likely is an exploit to be detected?
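
One way to turn these factors into a repeatable LIKELIHOOD rating, as an added example that is not part of the original page: it picks the worst-case threat agent first, then rates the vulnerability factors for that agent only. The 0 to 9 scale, the averaging and the LOW/MEDIUM/HIGH bands are assumptions (the convention used by the OWASP Risk Rating Methodology); the agent names and ratings are constructed sample data.

```python
from statistics import mean

AGENT_FACTORS = ("motive", "opportunity", "size")
VULN_FACTORS = ("ease_of_exploit", "awareness", "intrusion_detection")

def _rated(ratings, names):
    """Return the named ratings in order, rejecting gaps and out-of-range values."""
    for name in names:
        if name not in ratings:
            raise ValueError(f"missing rating: {name}")
        if not 0 <= ratings[name] <= 9:
            raise ValueError(f"{name} must be 0..9, got {ratings[name]}")
    return [ratings[name] for name in names]

def worst_case_agent(agents):
    """Pick the threat agent group with the highest mean agent-factor rating."""
    return max(agents, key=lambda name: mean(_rated(agents[name], AGENT_FACTORS)))

def likelihood(agents, vuln_ratings_by_agent):
    """Rate the vulnerability factors as seen by the worst-case agent only."""
    agent = worst_case_agent(agents)
    factors = dict(zip(AGENT_FACTORS, _rated(agents[agent], AGENT_FACTORS)))
    vuln = dict(zip(VULN_FACTORS, _rated(vuln_ratings_by_agent[agent], VULN_FACTORS)))
    # Intrusion detection is rated here as "how likely is detection" (assumed
    # convention), so a high rating lowers likelihood; flip it before averaging.
    vuln["intrusion_detection"] = 9 - vuln["intrusion_detection"]
    factors.update(vuln)
    score = mean(factors.values())
    level = "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"
    return {"agent": agent, "factors": factors, "score": score, "level": level}

# Constructed sample ratings for two candidate threat agent groups.
SAMPLE_AGENTS = {
    "anonymous internet user": {"motive": 4, "opportunity": 7, "size": 9},
    "authenticated partner": {"motive": 6, "opportunity": 4, "size": 4},
}
SAMPLE_VULN = {
    "anonymous internet user": {"ease_of_exploit": 5, "awareness": 6, "intrusion_detection": 8},
    "authenticated partner": {"ease_of_exploit": 7, "awareness": 4, "intrusion_detection": 3},
}

if __name__ == "__main__":
    result = likelihood(SAMPLE_AGENTS, SAMPLE_VULN)
    print(f"LIKELIHOOD: {result['level']} ({result['score']:.1f}), agent: {result['agent']}")
    for name, value in result["factors"].items():
        print(f"  {name}: {value}")
```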