Nssm-2.24 Privilege Escalation Portable Jun 2026

The primary method for escalating privileges via NSSM 2.24 involves . If an administrator installs a service using NSSM and the path to the executable contains spaces but no quotation marks (e.g., C:\Program Files\Service Name\nssm.exe ), Windows will search for and attempt to execute files in the following order: C:\Program.exe C:\Program Files\Service.exe C:\Program Files\Service Name\nssm.exe

The attacker finds a service running C:\Program Files\NSSM\nssm.exe .

refers to a class of local privilege escalation (LPE) vulnerabilities that occur when the Non-Sucking Service Manager (NSSM) v2.24 binary or its configuration is poorly secured within a Windows environment . NSSM is a widely trusted, open-source utility that allows administrators to wrap any script, command, or standard executable into a resilient Windows background service. However, because NSSM services typically execute with administrative or NT AUTHORITY\SYSTEM privileges, any misconfiguration or insecure permission set tied to the nssm.exe executable instantly turns the utility into a high-impact vector for local privilege escalation. The Core Concept: How NSSM Works nssm-2.24 privilege escalation

Non-Sucking Service Manager (NSSM) version 2.24 itself does not have a documented, inherent code-based privilege escalation vulnerability. However, it is frequently cited in security reviews due to unquoted service path vulnerabilities and insecure permissions created by the applications that use it as a wrapper. www.tenable.com Key Security Concerns for NSSM 2.24 Unquoted Service Path

Version 2.24, released back in August 2014, is still regarded as the "latest stable version" on the official website and remains in active use across countless systems. Organizations that adopted NSSM early on have built entire automation pipelines around it. Its popularity has led to it being bundled into complex software suites, such as Phoenix Contact’s Device and Update Management, IBM Robotic Process Automation, and Wowza Streaming Engine, all of which inherit any security flaws present in NSSM. The primary method for escalating privileges via NSSM 2

: Ensure that NSSM and related services are running with the least privileges necessary to perform their functions.

The most direct fix is to update the service path to include quotation marks. NSSM is a widely trusted, open-source utility that

Attackers use Windows built-in tools or scripts like PowerUp to find services with weak permissions. A manual command looks like this: