Nssm-2.24 Privilege Escalation May 2026
On a vulnerable system, this file will be created by SYSTEM. On a patched system, NSSM will reject the change due to validation errors. NSSM 2.24 is a textbook example of how a small oversight in a utility tool can lead to a full domain compromise. The privilege escalation vector is trivial to exploit yet devastating in impact. While the maintainers fixed the issue years ago, the software supply chain is messy.
However, NSSM 2.24 (released several years ago) contains a specific, reproducible privilege escalation vulnerability that has flown under the radar for many organizations. While the maintainers have since addressed this in later versions, countless legacy systems and poorly maintained servers still run NSSM 2.24.
The vulnerability in NSSM 2.24 subverts this logic not by breaking the Windows security model, but by mishandling how the service binary executes after installation.

The Core Issue (CWE-269: Improper Privilege Management)

When a standard user is tricked or coerced into running NSSM 2.24 (perhaps via a phishing attack or a malicious script on a shared terminal server), the tool does not properly validate the executable path and arguments before the service starts.
    where nssm

Or check the installed version:

    nssm version

If the output says 2.24, the system is vulnerable.