Attackers use NSSM to install malware, reverse shells, or coin miners as a Windows service. Because NSSM relaunches the wrapped program whenever it exits, the malicious program starts automatically on boot and is restarted if it crashes or is killed.
Case Study: GeoServer RCE (CVE-2024-36401)
If you discover nssm-2.24.exe in a temp folder or in a directory that is not your standard software deployment location:
For applications that require process monitoring and restart capabilities, newer process managers offer cross-platform support and more robust security features. PM2, for example, is best known for managing Node.js applications but can also supervise arbitrary executables, and its configuration system is designed with modern security practices in mind.
The vulnerability is often associated with improper input validation and handling within NSSM. Attackers can craft malicious input to exploit this weakness, potentially leading to:
The most significant vulnerability explicitly tied to NSSM is , a high‑severity privilege escalation flaw discovered in 2025.
The NSSM-2.24 exploit refers to a critical vulnerability discovered in the Non-Sucking Service Manager (NSSM) version 2.24. NSSM is a popular, open-source service manager for Windows that allows users to manage and monitor services on their systems. While NSSM is designed to provide a reliable and efficient way to handle services, the 2.24 version contains a vulnerability that can be exploited by attackers to gain unauthorized access to a system.
icacls "C:\path\to\nssm.exe"
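The following PowerShell script is an added example written for this page; it is not code from the NSSM project or from the original article. It automates the triage that the icacls check above starts by hand: it enumerates every Windows service whose image path points at an NSSM binary, reads the program NSSM is wrapping (NSSM stores it under the service's Parameters\Application registry value), flags binaries that sit in temp or user-writable directories or outside an approved install location, and reports whether broad groups such as Everyone or BUILTIN\Users hold write-class rights on the nssm.exe file. The approved directory list is a hypothetical placeholder that should be replaced with your own deployment path, and the script assumes an elevated session so that service ACLs and HKLM can be read.

```powershell
# Added example (not part of the original page or the NSSM project).
# Assumptions: elevated PowerShell session; $ApprovedNssmDirs is hypothetical.

$ApprovedNssmDirs = @('C:\Program Files\nssm')          # hypothetical approved install path
$SuspiciousDirs   = @("$env:SystemRoot\Temp", $env:TEMP, 'C:\Users\Public', 'C:\ProgramData')

# Rights that let a low-privileged user replace or tamper with the binary.
# Deliberately excludes Modify/FullControl masks, which also contain read bits.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

# Any service whose image path is nssm.exe (any version suffix) is wrapping some other program.
$nssmServices = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match 'nssm(-[\d.]+)?\.exe' }

$report = foreach ($svc in $nssmServices) {
    # Reduce the image path to the bare executable: quoted path first, otherwise the first token.
    # An unquoted path containing spaces is itself worth noting (unquoted service path).
    $exe = $svc.PathName
    if ($exe -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($exe -split '\s+')[0] }
    $dir = Split-Path -Path $exe -Parent

    $inApproved   = [bool]($ApprovedNssmDirs | Where-Object { $dir -like "$_*" })
    $inSuspicious = [bool]($SuspiciousDirs   | Where-Object { $_ -and ($dir -like "$_*") })

    # NSSM records the wrapped program under <service>\Parameters\Application.
    $paramsKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
    $wrapped = $null
    if (Test-Path -Path $paramsKey) {
        $p = Get-ItemProperty -Path $paramsKey -ErrorAction SilentlyContinue
        $wrapped = $p.Application
        if ($p.AppParameters) { $wrapped = "$wrapped $($p.AppParameters)" }
    }

    # Same question `icacls nssm.exe` answers, evaluated programmatically:
    # can a broad, low-privileged principal write to or replace the service binary?
    $weakAces = @()
    $acl = Get-Acl -Path $exe -ErrorAction SilentlyContinue
    if ($acl) {
        $weakAces = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -match '^(Everyone|NT AUTHORITY\\Authenticated Users|BUILTIN\\Users)$' -and
            (([int]$_.FileSystemRights) -band ([int]$WriteMask)) -ne 0
        })
    }

    [pscustomobject]@{
        Service         = $svc.Name
        StartMode       = $svc.StartMode
        RunsAs          = $svc.StartName
        NssmBinary      = $exe
        WrappedApp      = $wrapped
        InApprovedDir   = $inApproved
        InSuspiciousDir = $inSuspicious
        WritableByUsers = ($weakAces.Count -gt 0)
        WeakAces        = ($weakAces | ForEach-Object { "$($_.IdentityReference):$($_.FileSystemRights)" }) -join '; '
    }
}

# Anything not in an approved directory, or writable by users, deserves a closer look.
$report | Sort-Object InApprovedDir, WritableByUsers -Descending | Format-Table -AutoSize
```

A service that runs as LocalSystem with an NSSM binary in a user-writable directory is the combination to escalate first: whoever can overwrite that file gets code execution as the service account on the next restart, which NSSM will perform automatically. Treat any entry with InApprovedDir false, InSuspiciousDir true, or a non-empty WeakAces column as a triage candidate rather than a confirmed compromise, and inspect the WrappedApp path before stopping the service.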