Complex, cyber-physical engineering systems-of-systems such as satellite networks, smart devices, and critical infrastructure (including energy grids, transportation systems, and water distribution networks), comprise numerous interconnected components whose interactions are often highly non-linear. As failures in one subsystem can cascade through these networks, accurately identifying trajectories that lead to overall system failure remains a substantial challenge. Graphical-based models are well-suited for representing these interactions, as they capture both structural interdependencies and dynamic pathways across multiple levels of fidelity (Milanović et al., 2017). As a result, we first introduce a model for the overarching system as a graph decomposed into subgraphs reflecting individual subsystems, with nodes and edges corresponding to physical entities and their cyber-physical communication pathways. While traditional graph metrics such as round-trip times, reachability matrices, and degree distributions (O'Halloran et al., 2021; Oehlers et al., 2021) provide useful global characteristics, they frequently overlook higher-order, localized interactions that can precipitate cascading failures. To address this gap, we second propose a novel theoretical framework that leverages Riemannian geometry on graph cliques, leveraging curvature measures on carefully defined manifolds (Lubold et al., 2023), to reveal latent topological distances and to quantify localized interdependencies. These curvature-based metrics act as sensitive indicators of potential failure propagation, pinpointing critical pathways that conventional, distance-based approaches may miss. Moreover, our derivations are extendable to multiple fidelity levels, enabling vulnerability assessments at both the node and subsystem scales. After presenting the theoretical underpinnings of this curvature-based framework, we last validate its efficacy through simulations that model a representative cyber-physical network. In doing so, we show comparative analyses against conventional metrics and demonstrate that curvature measures provide enhanced predictive accuracy and richer insights into cascading failures. Further, we highlight reusable and generalizable graph templates, partitioning cyber-physical systems-of-systems into intra- and inter-subsystem subgraphs, thereby facilitating scalable, expertise-independent risk assessments on systems of critical concern.