Nssm224 Privilege Escalation Updated Updated

Executive Summary: NSSM Local Privilege Escalation (LPE) NSSM (Non-Sucking Service Manager) version

binary with a malicious one. When the service restarts, the malicious code executes with Administrative privileges. certvde.com 🛡️ Recent Vulnerability Details Disclosure Date Affected Integration CVE-2025-41686 7.8 (High) August 12, 2025 Phoenix Contact Device & Update Management CVE-2016-20033 7.2 (High) Updated Mar 2026 Wowza Streaming Engine 4.5.0 CVE-2016-8742 7.8 (High) Updated Feb 2026 Apache CouchDB 2.0.0 (Windows) Key Findings Improper Permissions: The most frequent issue involves the nssm224 privilege escalation updated

: If the nssm.exe binary or its directory has "Full Control" or "Modify" permissions for the "Everyone" or "Users" group, an attacker can replace the legitimate service binary with a malicious one. CVE-2016-20033 Detail - NVD : If the path

Attackers frequently target low-level accounts because they are easier to hijack via stolen credentials or social engineering before seeking a path to elevation. C:\Program.exe instead of C:\Program Files\nssm.exe ).

Recent disclosures highlight the ongoing risk in both consumer and enterprise software:

Monitor for unusual service creation events (Event ID 7045) or changes to service configurations. Phoenix Contact to audit the permissions of all instances on your system? CVE-2016-20033 Detail - NVD

: If the path to the NSSM executable contains spaces and is not enclosed in quotes, Windows may attempt to execute files at intercept points (e.g., C:\Program.exe instead of C:\Program Files\nssm.exe ).