| CVE ID | Affected Product | Affected Versions | Status | |--------|-----------------|-------------------|--------| | CVE-2025-41686 | Phoenix Contact Device and Update Management (DaUM) | < 2025.3.1 | Patched | | CVE-2025-41686 | Various applications using nssm.exe | All versions prior to patched release | Depends on vendor patch status | | CVE-2016-8742 | Apache CouchDB | 2.0.0 (Windows only) | Patched in 2.0.0.1 | | CVE-2016-20033 | Wowza Streaming Engine | 4.5.0 | No vendor fix provided | | CVE-2024-51448 | IBM Robotic Process Automation | 21.0.0-21.0.7.17, 23.0.0-23.0.18 | Patch available from vendor |
: A more recent vulnerability identified in products like Phoenix Contact Device and Update Management involves misconfigured permissions on nssm.exe specifically, allowing low-privileged local attackers to gain administrative access. Vulnerability Summary Table CVE-2016-8742 Detail - NVD
C:\ProgramData\... or C:\Program Files\... with weak permissions Full system takeover (Vertical Privilege Escalation) Detection EDR alerts for nssm.exe in unusual paths like \Windows\tmp\ Prevention & Mitigation
The is a classic example of an unquoted service path vulnerability leading to full system compromise. It highlights the importance of not just using reliable tools, but configuring them correctly. By ensuring service paths are quoted and keeping software updated, organizations can easily mitigate this threat. Need to check your systems? nssm-2.24 privilege escalation
. Because NSSM is an executable used to wrap other applications as services, it is a high-value target for attackers who have already gained a foothold on a system. Primary Escalation Vectors
This is the most common vulnerability associated with NSSM-2.24 deployments.
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later. | CVE ID | Affected Product | Affected
Attackers sometimes try to modify the registry keys associated with NSSM to change the Parameters\AppParameters path to point to malware.
| Metric | Value | |--------|-------| | Attack Vector | Local (AV:L) | | Attack Complexity | Low (AC:L) | | Privileges Required | Low (PR:L) | | User Interaction | None (UI:N) | | Confidentiality Impact | High (C:H) | | Integrity Impact | High (I:H) | | Availability Impact | High (A:H) |
: Always ensure the path to nssm.exe and the application it manages are enclosed in double quotes within the service configuration. Need to check your systems
Privilege escalation occurs when a standard user can trick a high-privileged process (the NSSM service) into running a malicious file. 1. Identification
shell.exe runs as SYSTEM .
The issue is not a memory corruption bug but a :
NSSM is designed to manage services on Windows systems, offering features such as service monitoring, automatic restarts, and improved error handling. It is particularly popular in environments where services need to be managed with high reliability and flexibility, such as in server and enterprise settings. NSSM allows administrators to easily configure and manage services, making it a valuable tool for system administrators.
According to the official NVD Advisory for CVE-2025-41686, the exploitation mechanics are structured as follows: