Attackers typically target NSSM-managed services through the following methods: Unquoted Service Paths
This article dissects the mechanics of the NSSM 2.24 privilege escalation attack, why it works, and what happens when an attacker gains a foothold on a machine with this version installed. nssm-2.24 privilege escalation
In NSSM versions prior to 2.24 (and sometimes including 2.24 depending on configuration), a privilege escalation was possible if: why it works
High Attack Vector: Local Privileges Required: Low-privileged user (Authenticated, non-admin) User Interaction: None nssm-2.24 privilege escalation
Controllable parameters or configuration files
A simple PoC to demonstrate the flaw (assuming you have nssm 2.24.exe in the current directory and a standard user account):