Privilege Escalation Vulnerability in NSSM by Non-Stop Service Manager
CVE-2025-41686

7.8HIGH

Key Information:

Vendor: Phoenix Contact
Status: Daum
Vendor: CVE Published:; 12 August 2025

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2025-41686?

A privilege escalation flaw exists in the NSSM application due to improper permission settings on nssm.exe. This vulnerability can be exploited by a low-privileged local attacker to gain elevated administrative rights, potentially compromising system integrity and security. Users are advised to review their configurations and implement necessary updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

DaUM 0.0.0 < 2025.3.1

References

https://certvde.com/de/advisories/VDE-2025-063

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 16, 2025