Ensure that the directory containing the service binary (`nssm.exe`) and the target application is not writable by the Users group. Only Administrators or SYSTEM should have write access.
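One way to check the requirement above before and after tightening permissions. This is an added example, not code from the original page or from the NSSM project. It assumes the placeholder path used in the page's `icacls` command, and the `-Path` parameter and `Get-RiskyAce` function are hypothetical names. It lists every allow ACE on the directory and the files directly inside it that grants a write-type right to anyone other than SYSTEM or Administrators.

```powershell
param(
    # Hypothetical parameter; default is the placeholder path from the page's icacls command.
    [string[]]$Path = @('C:\Path\To\Your\Service')
)

# Principals allowed to write, as well-known SIDs (independent of OS language).
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Specific rights that allow planting, replacing or re-permissioning a file.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) show up on some inherit-only ACEs.
$mask = [int]$writeRights -bor 0x50000000

function Get-RiskyAce {
    param([string]$Target)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # The directory itself plus each file directly inside it (nssm.exe, the application binary).
    $items = @(Get-Item -LiteralPath $Target) + @(Get-ChildItem -LiteralPath $Target -File)
    foreach ($item in $items) {
        foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (-not ([int]$ace.FileSystemRights -band $mask)) { continue }   # read/execute only
            $sid = $ace.IdentityReference.Translate($sidType).Value
            if ($trustedSids -contains $sid) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = foreach ($p in $Path) { Get-RiskyAce -Target $p }
if ($findings) {
    $findings | Format-Table -AutoSize
    exit 1   # non-zero exit so a scheduled check or CI job can alert on it
}
Write-Output 'No write-capable ACEs for principals other than SYSTEM and Administrators.'
```

The check is deliberately strict: entries such as CREATOR OWNER or TrustedInstaller are reported too, so review each finding instead of assuming it is a misconfiguration.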
The vulnerability has been assigned a with the vector string:
```
icacls "C:\Path\To\Your\Service" /inheritance:r /grant:r Administrators:(OI)(CI)F /grant:r SYSTEM:(OI)(CI)F /grant:r Users:(OI)(CI)RX
```

2. Secure the Windows Registry
| CVE ID | Affected Software/Vendor | Impact | Remediation Status |
| :--- | :--- | :--- | :--- |
| | Phoenix Contact DaUM (<2025.3.1) | Low-privileged user -> Admin rights | Update to 2025.3.1 or later |
| CVE-2024-51448 | IBM Robotic Process Automation (21.0.0-23.0.18) | Non-privileged user -> Admin via substitution | Vendor patch required |
| CVE-2016-20033 | Wowza Streaming Engine 4.5.0 | Everyone group -> LocalSystem via hijacking | Restrict permissions |