NSSM 2.24 Privilege Escalation
NSSM (Non-Sucking Service Manager) 2.24 does not have a single, direct CVE for a "built-in" privilege escalation flaw; the issue is instead the deployment/misconfiguration class described below.
- The common privilege-escalation issue involving NSSM (Non-Sucking Service Manager) 2.24 is not a bug in NSSM internals but a deployment/misconfiguration class: services that specify the path to nssm.exe or to a managed executable without surrounding quotes can create an unquoted service path vulnerability allowing local privilege escalation (LPE).
- The attack vector is executable-path hijacking: when Windows parses an unquoted service binary path containing spaces, it tries each space-delimited prefix as a candidate executable. If an attacker can place a malicious executable at an earlier prefix (e.g., C:\Program.exe when the service path is C:\Program Files\Vendor\nssm.exe ...), Windows may run that attacker-controlled executable as SYSTEM (the service account) during service start or restart.
- Impact depends on file-system ACLs and where the service binary path points: many such exploits require the low-privileged user to be able to write to a folder in the path (often not possible for C:\ root), or the attacker to find another writable prefix in the unquoted path. When writable, the attacker can achieve full SYSTEM privileges.
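The following read-only audit script is an added example, not code from the original page or from the NSSM project. It enumerates Windows services, isolates the executable portion of each unquoted binary path, flags those containing spaces, lists the intermediate prefixes Windows would try (the C:\Program.exe pattern described above), checks whether any such file already exists, and prints (but does not run) a remediation command that re-registers the path with quotes. The `$sample` records are constructed test data shaped like `Win32_Service` output; omit the `-Services` argument to audit the live system.

```powershell
# Audit services for unquoted binary paths containing spaces (read-only).
# Added example; not part of NSSM. Assumes Win32_Service is queryable.
function Get-UnquotedServicePath {
    [CmdletBinding()]
    param(
        # Objects with Name, StartName and PathName; defaults to live services.
        [object[]]$Services = (Get-CimInstance -ClassName Win32_Service)
    )

    foreach ($svc in $Services) {
        $path = $svc.PathName
        if ([string]::IsNullOrWhiteSpace($path)) { continue }

        # A leading quote delimits the executable, so the issue does not apply.
        if ($path.TrimStart().StartsWith('"')) { continue }

        # Executable portion = everything up to the first ".exe" token
        # (case-insensitive). Trailing arguments are irrelevant to this check.
        # Heuristic: paths with no ".exe" are taken whole and may be false positives.
        $m = [regex]::Match($path, '(?i)^(.*?\.exe)\b')
        $exePart = if ($m.Success) { $m.Groups[1].Value } else { $path }

        if ($exePart -notmatch '\s') { continue }   # no space: nothing to hijack

        # Prefixes Windows tries before the real binary, e.g. C:\Program.exe
        $segments   = $exePart -split '\s+'
        $candidates = for ($i = 1; $i -lt $segments.Count; $i++) {
            (($segments[0..($i - 1)] -join ' ') + '.exe')
        }
        # Any candidate that already exists deserves immediate investigation.
        $planted = @($candidates | Where-Object { Test-Path -LiteralPath $_ })

        $args = $path.Substring($exePart.Length)
        [pscustomobject]@{
            Name            = $svc.Name
            RunsAs          = $svc.StartName
            PathName        = $path
            Executable      = $exePart
            HijackPrefixes  = $candidates -join '; '
            ExistingPrefix  = $planted -join '; '
            # Remediation to review, then run from cmd.exe: quotes the executable.
            FixCommand      = 'sc.exe config "{0}" binPath= "\"{1}\"{2}"' -f $svc.Name, $exePart, $args
        }
    }
}

# Constructed sample records for an offline run (not real services).
$sample = @(
    [pscustomobject]@{ Name = 'VendorSvc';  StartName = 'LocalSystem'; PathName = 'C:\Program Files\Vendor\nssm.exe' }
    [pscustomobject]@{ Name = 'QuotedSvc';  StartName = 'LocalSystem'; PathName = '"C:\Program Files\Vendor\nssm.exe" --flag' }
    [pscustomobject]@{ Name = 'NoSpaceSvc'; StartName = 'LocalSystem'; PathName = 'C:\Tools\nssm.exe' }
)

# Only VendorSvc is reported: QuotedSvc is quoted, NoSpaceSvc has no space.
Get-UnquotedServicePath -Services $sample | Format-List
```

The script changes nothing; the `FixCommand` string uses the `sc.exe config ... binPath=` syntax with escaped inner quotes so the service's ImagePath becomes a quoted path with its original arguments preserved. Review each flagged service before applying it, because a service whose executable lives in an admin-only directory is far lower risk than one with a user-writable prefix, as the impact bullet above notes.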
Detection
If the output says 2.24, the system is vulnerable.

Step 4: Trigger Execution

Mitigations
- Sanitization of service arguments to prevent shell injection.
- Forced validation that the binary path exists and is executable before writing to the registry.
- Deprecation of interactive GUI editing for non-admin users in certain service control contexts.