The vulnerability can have severe impact or minimal impact on an organization depending on the context.
Let us understand with an example: Assume there is a website which has an SQLi vulnerability, here the attacker is able to access the information that is stored in the database. Information that was retrieved by the attacker were photos of different species of plants. Now based on the information retrieved it is evident that the impact would be very minimal to the organisation. Similarly if the data that was retrieved was credit card numbers then we can consider the impact of the vulnerability to be very high. Hence based on the context we can determine the severity of a vulnerability.