CVE-2025-65947 is a vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) and CWE-772 (Missing Release of Resource after Effective Lifetime) affecting the jzeuzs project’s thread-amount tool prior to version 0.2.2. The thread-amount tool is designed to retrieve the number of threads in the current process. On Windows platforms, the vulnerability arises because the function calls CreateToolhelp32Snapshot to obtain thread information but neglects to close the HANDLE returned by this API using CloseHandle. This results in a handle leak that accumulates with each call, eventually exhausting the process’s handle quota and causing instability or termination. On Apple platforms, the function uses Mach kernel APIs, specifically task_threads, which allocates memory for the thread list. The vulnerability is due to the failure to deallocate this memory with vm_deallocate, causing a steady memory leak. Repeated invocations lead to increased memory consumption until the operating system’s out-of-memory (OOM) killer terminates the process. The vulnerability requires no privileges or user interaction, making it trivially exploitable by any code invoking the vulnerable function repeatedly. Although no known exploits are currently reported in the wild, the high CVSS 4.0 score of 8.7 reflects the significant impact on availability through denial of service. The issue has been addressed in version 0.2.2 of thread-amount by properly releasing handles and deallocating memory after use.

For European organizations, this vulnerability poses a risk primarily to applications or services that incorporate the vulnerable thread-amount tool or library versions prior to 0.2.2. The uncontrolled resource consumption can lead to denial of service conditions by exhausting system handles on Windows or memory on Apple platforms. This can cause critical processes to crash or be terminated, potentially disrupting business operations, especially in environments with high-frequency thread monitoring or diagnostics. Systems with limited resources or those running multiple instances of the vulnerable code are at higher risk. The impact is particularly relevant for sectors relying on stability and uptime such as finance, healthcare, and critical infrastructure. Additionally, organizations using macOS or Windows-based endpoint monitoring or diagnostic tools that embed thread-amount may experience degraded performance or unexpected process terminations. Although no direct confidentiality or integrity impact is indicated, the availability impact can indirectly affect service reliability and operational continuity.

European organizations should immediately identify any usage of the jzeuzs thread-amount tool or library in their environments and verify the version in use. Upgrading to version 0.2.2 or later is the primary mitigation step, as this version includes fixes that properly close handles on Windows and deallocate memory on Apple platforms. For environments where immediate upgrade is not feasible, implement monitoring of handle counts and memory usage for processes invoking thread-amount to detect abnormal resource consumption early. Limit the frequency of calls to the thread-amount function to reduce resource exhaustion risk. Employ application-level resource management and watchdog mechanisms to restart or isolate affected processes before resource limits cause system instability. Additionally, conduct code audits to ensure proper resource management practices are followed in custom or third-party software that may use similar APIs. Finally, maintain updated system patches and security monitoring to detect potential exploitation attempts.