CVE-2025-65947 is a vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) and CWE-772 (Missing Release of Resource after Effective Lifetime) affecting the thread-amount tool developed by jzeuzs. The tool is designed to retrieve the number of threads in the current process. In versions prior to 0.2.2, the implementation on Windows platforms calls the Windows API CreateToolhelp32Snapshot to obtain thread information but neglects to close the HANDLE returned by this call using CloseHandle. This omission causes a handle leak that accumulates with each invocation, eventually exhausting the process's handle quota and leading to system instability or forced termination of the process. On Apple platforms (macOS), the tool uses Mach kernel APIs, specifically task_threads, which allocates memory for the thread list. The vulnerability arises because the allocated memory is not freed via vm_deallocate, resulting in a memory leak that grows with repeated calls. This leak can cause the process to consume excessive memory and be terminated by the operating system's Out of Memory (OOM) killer. The vulnerability does not require any authentication or user interaction and can be exploited remotely if the tool is exposed in such a manner. The issue was publicly disclosed on November 21, 2025, with a CVSS 4.0 base score of 8.7 (high severity), reflecting its potential to cause significant denial of service through resource exhaustion. No known exploits have been reported in the wild to date. The vulnerability has been fixed in thread-amount version 0.2.2 by ensuring proper resource release after querying thread counts on both Windows and Apple platforms.

For European organizations, this vulnerability poses a significant risk of denial of service on systems running vulnerable versions of thread-amount, particularly on Windows and macOS endpoints or servers. The handle leak on Windows can degrade system stability, cause application crashes, or force process termination, potentially disrupting critical services or monitoring tools that rely on thread-amount. On Apple platforms, the memory leak can lead to increased memory consumption, triggering the OOM killer to terminate the affected process, which may result in service interruptions or loss of monitoring capabilities. Organizations with automated systems or scripts that frequently query thread counts using this tool are especially vulnerable to rapid resource depletion. This could impact operational continuity, especially in environments with limited system resources or strict uptime requirements. Additionally, if thread-amount is integrated into security or performance monitoring solutions, its failure could blind defenders to other ongoing issues. Although no active exploitation is reported, the high CVSS score and ease of exploitation without authentication or user interaction make timely remediation critical to prevent potential denial of service attacks or accidental outages.

The primary mitigation is to upgrade the thread-amount tool to version 0.2.2 or later, where the resource leaks have been fixed. Organizations should audit their environments to identify all instances of thread-amount and verify the version in use. For environments where immediate upgrade is not feasible, implement monitoring of handle counts on Windows systems and memory usage on Apple systems for processes invoking thread-amount to detect abnormal resource consumption early. Limit the frequency of calls to thread-amount in automated scripts or monitoring tools to reduce the risk of rapid resource exhaustion. Employ application whitelisting and endpoint protection to prevent unauthorized or unintended execution of vulnerable versions. Additionally, consider isolating or sandboxing processes that use thread-amount to contain potential impact. Regularly review and update system and application inventories to ensure vulnerable versions are not overlooked. Finally, maintain awareness of vendor advisories and apply patches promptly to minimize exposure.