Resource Leaks in Thread-Amount Tool by jzeuzs for Windows and Apple Platforms
CVE-2025-65947

8.7HIGH

Key Information:

Vendor

Jzeuzs

Status
Thread-amount
Vendor
CVE Published:
21 November 2025

What is CVE-2025-65947?

The thread-amount tool developed by jzeuzs experiences significant resource leaks on both Windows and Apple platforms. On Windows, the function responsible for querying the number of threads fails to close the HANDLE returned by CreateToolhelp32Snapshot, leading to an increase in handle counts, which could compromise system stability as the handle limit approaches. Conversely, on Apple platforms, the function's use of Mach kernel APIs allocates memory for thread counts but neglects to deallocate this memory, resulting in a gradual memory leak that may trigger the Out of Memory (OOM) killer. This vulnerability has been resolved in version 0.2.2.

Affected Version(s)

thread-amount < 0.2.2

References

https://github.com/jzeuzs/thread-amount/security/advisori...
x_refsource_CONFIRM
https://github.com/jzeuzs/thread-amount/pull/29
x_refsource_MISC
https://github.com/jzeuzs/thread-amount/commit/28860d4a38...
x_refsource_MISC

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-65947 : Resource Leaks in Thread-Amount Tool by jzeuzs for Windows and Apple Platforms