As noted, 2.24 is an older stable release. Move to newer 2.25 pre-release versions or use alternative service wrappers if possible.
NSSM 2.24 is frequently cited in security advisories because third-party installers (like or Wowza Streaming Engine ) often deploy it with weak directory permissions. Because NSSM typically runs with SYSTEM privileges, any user who can replace the nssm.exe file can effectively take over the entire machine.
If the Access Control Lists (ACLs) on these folders are misconfigured, low-privileged users (like members of the Authenticated Users or Users group) may possess write or modify permissions. nssm-2.24 privilege escalation
The root cause was that all files in the CouchDB installation inherited file permissions from the parent directory, where the installer had granted the to the "Authenticated Users" group . Consequently, a standard non-administrator user could replace the nssm.exe binary with any executable of their choice. Upon service restart or system reboot, that executable would run with LocalSystem privileges , enabling the attacker to create a backdoor administrator account and achieve complete system compromise.
: Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with elevated privileges, potentially leading to a complete compromise of the system. As noted, 2
to remediate the vulnerability. Let me know how you'd like to secure your environment . Share public link
The attacker changes the binPath to point to a malicious executable they control: Because NSSM typically runs with SYSTEM privileges, any
Understanding and Mitigating NSSM 2.24 Privilege Escalation Vulnerabilities
NSSM is designed to manage services on Windows systems, offering features such as service monitoring, automatic restarts, and improved error handling. It is particularly popular in environments where services need to be managed with high reliability and flexibility, such as in server and enterprise settings. NSSM allows administrators to easily configure and manage services, making it a valuable tool for system administrators.
The security issues with NSSM-2.24 are not rooted in complex buffer overflows or advanced memory corruption. Instead, they arise from simpler, yet equally devastating, misconfigurations. Attackers are not exploiting code in NSSM itself—they are exploiting the Windows operating system interacts with the nssm.exe binary and the services it creates.
While NSSM 2.24 is not vulnerable to the classic unquoted service path in its own code, it creates services that are. If an administrator uses NSSM to install a service with a path like C:\Program Files\MyApp\app.exe , and C:\Program Files\MyApp is writable by a non-admin user, an attacker can replace app.exe with a malicious binary.