: NSSM stores its service parameters in the Registry. If the permissions on these Registry keys are too loose, a user can modify the AppParameters or Application string to execute a different command when the service starts.
Understanding NSSM-2.24 and Potential Privilege Escalation NSSM (the ) version 2.24 is a widely used utility that allows administrators to wrap any executable or script into a Windows service. While NSSM itself is not inherently "vulnerable" in its core code, the way it is deployed and configured—especially in version 2.24—frequently introduces Local Privilege Escalation (LPE) vulnerabilities in the host systems it manages. Common Attack Vectors Involving NSSM-2.24 nssm-2.24 privilege escalation
Non-Sucking Service Manager (NSSM) version 2.24 itself does not have a documented, inherent code-based privilege escalation vulnerability. However, it is frequently cited in security reviews due to unquoted service path vulnerabilities and insecure permissions created by the applications that use it as a wrapper. www.tenable.com Key Security Concerns for NSSM 2.24 Unquoted Service Path : NSSM stores its service parameters in the Registry
Get-ChildItem -Path C:\ -Filter nssm.exe -Recurse -ErrorAction SilentlyContinue | ForEach-Object & $_.FullName version While NSSM itself is not inherently "vulnerable" in
An authenticated, low-privileged user can achieve full SYSTEM privileges on the affected host. This compromises integrity, confidentiality, and availability.