CVE-2022-45307 identifies an insecure permissions vulnerability affecting the Chocolatey PHP package version 8.1.12 and earlier. Specifically, the issue arises from overly permissive access control settings on the subfolder C:\tools\php81 and all files within it. The vulnerability grants write privileges to all users who are part of the Authenticated Users group on Windows systems. This means any authenticated user on the system can modify, replace, or add files within this directory. The vulnerability is classified under CWE-732, which pertains to incorrect permissions or access control. The CVSS v3.1 base score is 4.3 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), low integrity impact (I:L), and no availability impact (A:N). The vulnerability does not require user interaction but does require some level of privileges (authenticated user). Although no known exploits in the wild have been reported, the risk lies in the potential for privilege escalation or unauthorized modification of PHP binaries or scripts, which could lead to integrity compromise of PHP runtime or applications relying on it. This could facilitate further attacks such as code execution or persistence mechanisms if leveraged by a malicious insider or attacker with authenticated access. The lack of a vendor or product name beyond Chocolatey PHP package limits specificity, but the affected path and package version indicate Windows environments using Chocolatey to manage PHP installations are at risk.

For European organizations, the impact of this vulnerability primarily concerns the integrity of PHP runtime environments installed via Chocolatey on Windows systems. Many enterprises and public sector entities in Europe rely on PHP for web applications and services. If an attacker or unauthorized user with authenticated access modifies PHP binaries or scripts, it could lead to unauthorized code execution, backdoors, or tampering with web applications, potentially resulting in data breaches or service disruptions. Although confidentiality and availability impacts are rated as none, the integrity compromise can indirectly affect confidentiality if malicious code exfiltrates data or availability if the PHP environment becomes unstable. Organizations with multi-user Windows systems or shared environments where multiple users have authenticated access are particularly at risk. The vulnerability could be exploited by insiders or attackers who have gained low-level access, making it a concern for organizations with less stringent internal access controls. Given the medium CVSS score and the requirement for authenticated access, the threat is moderate but should not be overlooked, especially in sectors with sensitive data or critical infrastructure relying on PHP applications.

Review and tighten NTFS permissions on the C:\tools\php81 directory and its contents to restrict write access only to trusted administrative accounts or service accounts responsible for PHP maintenance. Implement the principle of least privilege by ensuring that standard authenticated users do not have write permissions to system or application directories. Use Group Policy Objects (GPOs) or endpoint management tools to enforce consistent permission settings across all Windows systems using Chocolatey-managed PHP installations. Regularly audit file and folder permissions on critical application directories to detect and remediate any unauthorized changes. Consider deploying application whitelisting or integrity monitoring solutions to detect unauthorized modifications to PHP binaries or scripts. If feasible, update PHP installations to versions beyond 8.1.12 or apply vendor-provided patches once available to address this vulnerability. Limit the number of users with authenticated access on systems hosting PHP environments, and monitor user activities for suspicious behavior. Educate system administrators and security teams about this vulnerability to ensure timely detection and response.