Securing NSSM installations requires adhering to the principle of least privilege and strict access control management.

1. Enforce Strict Access Control Lists (ACLs)
If an administrator misconfigures the registry ACLs—granting write access to non-administrative users on the service's subkeys—an attacker can change the Application value to point to C:\Windows\System32\cmd.exe or a custom backdoor.
CVE‑2025‑41686 is not an isolated incident affecting only the standalone NSSM tool. Multiple enterprise software vendors have been found to ship versions of NSSM 2.24 with insecure permissions, inadvertently exposing their customers to privilege escalation attacks.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The vulnerability stems from improper installation habits or weak file permissions on the NSSM binary itself or the service configuration parameters stored in the Windows Registry.

Key Risk Factors
The attacker moves the original executable aside and drops their malicious binary into the folder, renaming it to match the expected service file.
reg query HKLM\SYSTEM\CurrentControlSet\Services /s /f "Parameters\Application" 2>nul | findstr "ImagePath"
Once a target service (e.g., NSSM224_Service) is identified, the attacker inspects its binary path permissions using icacls:

icacls "C:\Program Files\CustomApp\service_wrapped.exe"