(Non-Sucking Service Manager) does not have a single, direct CVE for a "built-in" privilege escalation flaw, it is
sc sdshow <service_name> and restrict SERVICE_CHANGE_CONFIG to Administrators only.

sc sdset <service_name> D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;SU)

Permissions Misconfiguration (CVE-2025-41686): A more recent vulnerability identified in products like Phoenix Contact Device and Update Management involves misconfigured permissions on nssm.exe specifically, allowing low-privileged local attackers to gain administrative access.

Vulnerability Summary Table
CVE-2016-8742 Detail - NVD
nssm-2.24 privilege escalation
reg query HKLM\SYSTEM\CurrentControlSet\Services /s /f "ImagePath" | findstr /i "nssm"
Step 3 – Modify the service to run your payload
nssm.exe (Service Installer/Manager)
Parameters subkeys).
Because NSSM is a legitimate tool for managing services, threat actors often use it to establish persistence.