This study presents a systematic approach to vulnerability assessment and risk analysis within a controlled laboratory environment. A virtual network infrastructure was deployed, comprising Kali Linux as the scanning platform and Metasploitable 2 as the target system, to emulate a small-scale enterprise network. Network reconnaissance was conducted using Nmap, followed by vulnerability assessment using Nessus. Identified vulnerabilities were evaluated and classified based on severity using the Common Vulnerability Scoring System (CVSS), and subsequently mapped to corresponding risk levels. The analysis revealed multiple high-severity vulnerabilities, including the presence of default credentials and outdated services, which pose significant security risks and necessitate immediate remediation. Furthermore, the results underscore the effectiveness and extensive coverage of Nessus, supported by its comprehensive plugin database exceeding 80,000 entries. The proposed methodology provides a practical and reproducible framework applicable to both academic research and real-world cybersecurity assessments.