Nssm-2.24 Privilege Escalation < PLUS › >

This vulnerability, discovered in mid-2025, allows a low-privileged local attacker to exploit set on the nssm.exe file. This misconfiguration enables an authenticated user to replace the legitimate nssm.exe binary with a malicious one. Once replaced, the next time NSSM is invoked—whether by a service restart, a scheduled task, or an unsuspecting administrator—the malicious code executes with the elevated privileges of the calling process. Typically, this means the attacker can gain SYSTEM or Administrator-level access , allowing them to install malware, create new administrative users, or exfiltrate sensitive data.

: NSSM stores its service parameters in the Registry. If the permissions on these Registry keys are too loose, a user can modify the AppParameters or Application string to execute a different command when the service starts.

Another variant is when the NSSM executable itself ( nssm.exe ) is placed in a directory where a low-privileged user has write access. An attacker can replace the legitimate nssm.exe with a malicious binary. When the service runs, it executes the malicious binary with elevated SYSTEM privileges. 3. Example Scenario: Exploiting NSSM 2.24 nssm-2.24 privilege escalation

Misconfigurations involving nssm.exe (specifically version dependencies up to 2.24) represent critical entry points for . This comprehensive security guide breaks down the core vulnerabilities associated with NSSM, the mechanics of exploit execution, and architectural mitigation strategies. The Architecture of NSSM Vulnerabilities

where nssm

Assume:

This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later. Typically, this means the attacker can gain SYSTEM

If the Users or Everyone security group is granted or Full Control (F) access to the directory containing nssm.exe , or to the binary itself, the system becomes completely vulnerable. The Attack Vector Breakdown (CVSS:3.1 / 7.8 High)

This article explores the technical details of how these vulnerabilities function, how they can be exploited, and the critical steps needed to remediate them. 1. What is NSSM 2.24 Privilege Escalation? Another variant is when the NSSM executable itself ( nssm

Non-Sucking Service Manager (NSSM) Affected Versions: NSSM 2.24 (and likely prior versions) Severity: High Vector: Local Impact: Privilege Escalation (Local System)

Attackers who establish an initial foothold as a low-privileged local user leverage these structural flaws to hijack the service execution chain. This allows them to run malicious code under the context of NT AUTHORITY\SYSTEM —effectively gaining full, unrestricted administrative control over the machine. Anatomy of NSSM 2.24 Security Vulnerabilities