NSSM-2.24 Privilege Escalation Verified

While NSSM development is infrequent, ensure you are using the most stable version and auditing the service creation process for common Windows misconfigurations.

The core flaw in CVE-2025-41686 is the lack of restrictive permissions. Administrators must enforce the principle of least privilege on the nssm.exe binary and its containing directory.

NSSM is registered as a service with a path like C:\Program Files\My App\nssm.exe but without quotation marks.

NSSM is an open-source service helper. Unlike the native Windows sc.exe, NSSM provides a user-friendly interface and robust monitoring features. It is frequently used in development environments and by DevOps teams to manage web servers, database proxies, and custom scripts as background services.

The Core of the Vulnerability: Insecure File Permissions

The 2.24 version is outdated, and the primary recommendation from the NSSM developers is to upgrade to the 2.25 pre-release builds, which address several bugs, including those related to service handling and stability.

Immediate Mitigation Steps:

While NSSM itself is not inherently "malicious," the way it is often deployed creates a classic vulnerability.

When the service path is unquoted and contains spaces, Windows will attempt to find and execute files along the path in order. For example, it might try to run C:\Program.exe.

Registry- or link-based redirection

While less severe than the permission-based flaws, this behavior creates an opportunity for a Denial of Service (DoS) or a window of "chaos" where event logs are flooded with restarts, potentially masking a secondary exploit. It also forces the SCM to repeatedly reinitialize the service environment, increasing the probability of race conditions if an attacker is timing their binary replacement with the restart cycle.

The tool should automatically enforce quoted service paths in the Windows registry to prevent "Unquoted Service Path" exploits, where Windows might execute a malicious binary with a similar name in a parent folder.
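An added audit example (not from the original page or the NSSM project): it flags service paths that are unquoted and contain a space in the executable portion, and shows the quoted value that should replace them. The service names and sample entries are constructed; the first uses the path quoted on this page.

```powershell
# Added example: audit service paths for missing quotation marks.
# Sample entries are constructed; service names are hypothetical.

function Test-UnquotedServicePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }   # already quoted
    # Isolate the executable portion (up to the first ".exe" followed by
    # whitespace or end of string); spaces in arguments are not a problem.
    $exe = if ($p -match '^(?<exe>.+?\.exe)(\s|$)') { $Matches['exe'] } else { $p }
    return ($exe -match '\s')
}

function Get-QuotedServicePath {
    param([string]$PathName)
    $p = $PathName.Trim()
    # Quote only the executable and keep any arguments as they were.
    if ($p -match '^(?<exe>.+?\.exe)(?<args>(\s.*)?)$') {
        return '"{0}"{1}' -f $Matches['exe'], $Matches['args']
    }
    return '"{0}"' -f $p
}

$samples = @(
    [pscustomobject]@{ Name = 'MyAppSvc';   PathName = 'C:\Program Files\My App\nssm.exe' }
    [pscustomobject]@{ Name = 'QuotedSvc';  PathName = '"C:\Program Files\My App\nssm.exe"' }
    [pscustomobject]@{ Name = 'NoSpaceSvc'; PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)

# On a live host, replace $samples with: Get-CimInstance Win32_Service
$samples |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, PathName,
        @{ n = 'Suggested'; e = { Get-QuotedServicePath $_.PathName } }
```

Only the first sample is reported; the quoted entry and the entry whose executable path has no spaces pass the check.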

The attacker waits for a reboot or uses wmic service to attempt a restart if they have the rights to do so.

How to Mitigate NSSM-2.24 Risks

While NSSM (Non-Sucking Service Manager) is a legitimate tool used to run any executable as a Windows service, it is frequently exploited for local privilege escalation (LPE).

The most critical vulnerability is formally identified as CVE-2025-41686. Published on August 12, 2025, this flaw has been assigned a CVSS v3.1 base score of .
