logo 'MAGArchiv1.1' by Peperoni :: rmarchiv.de is brought to you with love.
logo 'MAGArchiv1.1' by Peperoni :: rmarchiv.de is brought to you with love.
NSSM allows a user to install and manage Windows services. When a low-privilege user has to an NSSM-controlled service configuration or its binary path, privilege escalation becomes possible.
In late 2025 and early 2026, researchers identified that multiple enterprise products—including Phoenix Contact Device and Update Management and Wowza Streaming Engine—were vulnerable to this exact pattern. nssm224 privilege escalation updated
: If the path to the executable NSSM manages contains spaces and is not enclosed in quotes (e.g., C:\Program Files\App Name\nssm.exe ), an attacker can place a malicious file (e.g., C:\Program.exe ) to be executed by the system during reboot . NSSM allows a user to install and manage Windows services
, an attacker with sufficient local rights can redirect a service to execute their own scripts or payloads instead of the intended application. Interactive Shell Creation: A common technique involves setting a service type to SERVICE_INTERACTIVE_PROCESS nssm set Type SERVICE_INTERACTIVE_PROCESS . If the service runs as LocalSystem : If the path to the executable NSSM