
NSSM 2.24 Privilege Escalation (Jun 2026)

Vulnerable via replacing the nssm_x64.exe binary due to improper permissions.

The tool should automatically enforce quoted service paths in the Windows registry to prevent "Unquoted Service Path" exploits, where Windows might execute a malicious binary with a similar name in a parent folder.
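An administrator can check for the unquoted-path condition described above by auditing each service's ImagePath value. The following is an added example, not code from NSSM or from the original page; the service names and paths are constructed samples, and the `.exe` boundary heuristic is an assumption of this sketch.

```python
import re

# Constructed sample data: (service name, ImagePath) pairs, as they would be read
# from HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath on a live host.
SAMPLE_SERVICES = [
    ("AppA", r"C:\Program Files\Vendor App\nssm.exe"),
    ("AppB", r'"C:\Program Files\Vendor App\nssm.exe"'),
    ("AppC", r"C:\Tools\nssm.exe"),
    ("AppD", r"C:\Program Files\Vendor App\svc.exe -k run"),
    ("AppE", r"C:\Tools\svc.exe --config C:\My Data\app.ini"),
    ("DrvF", r"\SystemRoot\System32\drivers\example.sys"),
]

# Heuristic (assumption): the executable ends at the first ".exe" that is
# followed by whitespace or the end of the string.
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)(.*)$", re.IGNORECASE)


def split_image_path(image_path):
    """Return (executable, arguments, quoted) for a service ImagePath."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end != -1:
            return value[1:end], value[end + 1:].strip(), True
    match = _EXE.match(value)
    if match:
        return match.group(1), match.group(2).strip(), False
    return value, "", False  # e.g. kernel driver paths with no .exe


def audit(image_path):
    """Return the corrected (quoted) ImagePath if it needs fixing, else None."""
    exe, args, quoted = split_image_path(image_path)
    # Only an unquoted executable path containing a space is ambiguous.
    if quoted or " " not in exe:
        return None
    return f'"{exe}"' + (f" {args}" if args else "")


def findings(services):
    """Map each flagged service name to the ImagePath it should be changed to."""
    return {name: fix for name, path in services if (fix := audit(path))}


if __name__ == "__main__":
    for name, fix in findings(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces, set ImagePath to {fix}")
```

Spaces that appear only in the arguments (AppE) are not flagged, because only the executable portion of the path is subject to the ambiguous lookup.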

where nssm

The vulnerability involves manipulating the service configuration to execute commands with higher privileges than those granted to the user executing the NSSM service.

Affected versions

NSSM (Non-Sucking Service Manager) version 2.24 is a widely used tool for managing Windows services, but it presents specific security risks, primarily revolving around . While NSSM itself is not inherently "malicious," its misconfiguration or presence in a compromised environment can be leveraged by attackers to gain NT AUTHORITY\SYSTEM privileges.

Deep Review of NSSM 2.24 Vulnerabilities

1. Unquoted Service Path (Most Common)