NSSM-2.24 Privilege Escalation

This allows an unprivileged user to:

Responsible testing and legal/ethical notes

Practical detection (quick checks)

Ensure all service paths are properly quoted. Example: "C:\Program Files\My App\nssm.exe"

```
# Copy the vulnerable binary to a writable location
copy "%ProgramFiles%\NSSM\nssm-2.24.exe" .\nssm.exe
```

| CVE ID | Affected Product | Affected Versions | Status |
|--------|-----------------|-------------------|--------|
| CVE-2025-41686 | Phoenix Contact Device and Update Management (DaUM) | < 2025.3.1 | Patched |
| CVE-2025-41686 | Various applications using nssm.exe | All versions prior to patched release | Depends on vendor patch status |
| CVE-2016-8742 | Apache CouchDB | 2.0.0 (Windows only) | Patched in 2.0.0.1 |
| CVE-2016-20033 | Wowza Streaming Engine | 4.5.0 | No vendor fix provided |
| CVE-2024-51448 | IBM Robotic Process Automation | 21.0.0-21.0.7.17, 23.0.0-23.0.18 | Patch available from vendor |

```
C:\> copy malicious.exe "C:\Program Files\VulnerableApp\bin\nssm.exe" /Y
C:\> sc stop "VulnerableService"
C:\> sc start "VulnerableService"
```

Understanding NSSM-2.24 and Potential Privilege Escalation

NSSM (the Non-Sucking Service Manager) version 2.24 is a widely used utility that lets administrators wrap any executable or script into a Windows service. While NSSM itself is not inherently "vulnerable" in its core code, the way it is deployed and configured, especially in version 2.24, frequently introduces Local Privilege Escalation (LPE) vulnerabilities in the host systems it manages.

Common Attack Vectors Involving NSSM-2.24

The attacker waits for the associated service to restart. This can occur through: a system reboot, an administrator restarting the service, a scheduled service maintenance window, or even by forcing a service crash (though this may require additional techniques).

Ensure that the directory containing nssm.exe, and the application binaries it manages, are writable only by administrative principals (SYSTEM or the Administrators group). Low-privileged users should have only Read & Execute permissions.
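
The two hardening checks above (quoted service paths, and write access to the nssm.exe directory limited to administrators) can be audited together. The PowerShell below is an added example, not code from the original page or from the NSSM project; the `$trusted` list and the helper name `Get-UntrustedWriter` are assumptions to adapt to the environment.

```powershell
# Added example, not from the original page. Read-only audit: it changes nothing.
# Assumption: only these principals are expected to hold write access.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'

# Rights that let a principal replace, delete or re-permission the target.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    # Allow ACEs that apply to $Path itself (inherit-only entries are skipped)
    # and grant a write-type right to a principal outside $trusted.
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.PropagationFlags -band $inheritOnly) -eq 0) -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
        ($trusted -notcontains $_.IdentityReference.Value)
    }
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_
    # Services whose ImagePath launches an nssm executable (nssm.exe, nssm-2.24.exe, ...).
    if ($svc.PathName -match '^\s*(?<q>"?)(?<exe>[^"]*\\nssm[^\\"]*\.exe)') {
        $exe = $Matches['exe']
        # Unquoted and containing a space: the path can be resolved ambiguously.
        $unquoted = ($Matches['q'] -eq '') -and $exe.Contains(' ')

        # Check both the binary and the directory that holds it.
        $targets = @($exe, (Split-Path -Path $exe -Parent)) |
            Where-Object { Test-Path -LiteralPath $_ }
        $writers = foreach ($t in $targets) {
            Get-UntrustedWriter -Path $t | ForEach-Object {
                '{0} -> {1} ({2})' -f $t, $_.IdentityReference, $_.FileSystemRights
            }
        }

        if ($unquoted -or $writers) {
            [pscustomobject]@{
                Service      = $svc.Name
                RunsAs       = $svc.StartName
                ImagePath    = $svc.PathName
                UnquotedPath = $unquoted
                WeakAcl      = $writers -join '; '
            }
        }
    }
}
```

Each object returned is one flagged service; no output means neither condition was found on the services this regex matched.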