
CVE-2025-65947: Resource Leaks in thread-amount Lead to System Instability

Overview

CVE-2025-65947 identifies a critical resource leak vulnerability within the thread-amount tool, a utility designed to determine the number of threads in the current process. Versions prior to 0.2.2 exhibit resource leaks on both Windows and Apple platforms when querying thread counts. This flaw can lead to system instability and process termination if left unaddressed.

Technical Details

The vulnerability manifests differently on Windows and Apple platforms:

Windows

On Windows, the thread_amount function invokes CreateToolhelp32Snapshot to obtain a snapshot of the system’s processes and threads. However, the returned HANDLE is not properly closed using CloseHandle. Consequently, repeated calls to thread_amount result in a continuous accumulation of open handles. This uncontrolled handle growth eventually exhausts the process’s handle limit, leading to system instability or process termination.

Apple (macOS)

On Apple platforms, the thread_amount function leverages Mach kernel APIs, specifically task_threads, to retrieve a list of threads. The task_threads function allocates memory to store the thread list. The vulnerability lies in the failure to deallocate this memory using vm_deallocate after the thread count is determined. Over time, repeated calls to thread_amount cause a significant memory leak, ultimately leading to the process being terminated by the operating system’s Out-of-Memory (OOM) killer.

CVSS Analysis

Because the vulnerability causes resource exhaustion rather than direct data corruption, no CVSS score has been assigned (N/A). The impact can nonetheless be significant, since the leaks can lead to denial-of-service conditions.

Possible Impact

The resource leaks in thread-amount can have the following consequences:

  • System Instability: Excessive handle or memory consumption can degrade overall system performance.
  • Process Termination: Processes relying on thread-amount may be terminated due to exceeding handle limits (Windows) or triggering the OOM killer (Apple).
  • Denial of Service (DoS): In scenarios where thread-amount is repeatedly invoked (e.g., in a loop or by multiple concurrent threads), the resource exhaustion can effectively lead to a DoS condition.

Mitigation or Patch Steps

The vulnerability has been addressed in thread-amount version 0.2.2. Users of thread-amount are strongly advised to upgrade to version 0.2.2 or later. The patch implements the necessary resource cleanup (CloseHandle on Windows and vm_deallocate on Apple platforms) to prevent the resource leaks.
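As an added illustration, not code from the thread-amount crate, the Rust sketch below contrasts the acquire-without-release pattern described above with the RAII guard a fix of this kind relies on. A constructed handle counter stands in for the real Windows and Mach calls so the leak can be measured in a portable regression test; `RawSnapshot`, `Snapshot`, `open_snapshot`, `close_snapshot`, `open_handles` and `leaked_after` are hypothetical names.

```rust
use std::cell::Cell;

// Constructed stand-in for the OS: counts snapshot handles that were opened but
// never released (the CreateToolhelp32Snapshot/CloseHandle and
// task_threads/vm_deallocate pairs from the advisory).
thread_local! { static OPEN_HANDLES: Cell<usize> = Cell::new(0); }

/// Hypothetical raw handle returned by the platform snapshot call.
pub struct RawSnapshot { thread_count: usize }
/// Stand-in for CreateToolhelp32Snapshot / task_threads (constructed).
fn open_snapshot() -> RawSnapshot {
    OPEN_HANDLES.with(|c| c.set(c.get() + 1));
    RawSnapshot { thread_count: 4 } // constructed sample thread count
}
/// Stand-in for CloseHandle / vm_deallocate (constructed).
fn close_snapshot(_raw: &RawSnapshot) {
    OPEN_HANDLES.with(|c| c.set(c.get() - 1));
}
/// Handles still open: the counter a leak regression test asserts on.
pub fn open_handles() -> usize {
    OPEN_HANDLES.with(|c| c.get())
}

/// Pattern of the pre-0.2.2 bug: acquire, read the count, never release.
pub fn thread_amount_leaky() -> usize {
    let raw = open_snapshot();
    raw.thread_count
}

/// RAII guard: the resource is released when the guard drops, on every exit
/// path including early returns and unwinding panics.
pub struct Snapshot(RawSnapshot);
impl Drop for Snapshot {
    fn drop(&mut self) {
        close_snapshot(&self.0);
    }
}
/// Fixed pattern: the guard owns the handle for the duration of the call.
pub fn thread_amount_fixed() -> usize {
    let snap = Snapshot(open_snapshot());
    snap.0.thread_count
}

/// Call `f` `n` times and report how many handles it left open.
pub fn leaked_after(f: fn() -> usize, n: usize) -> usize {
    let before = open_handles();
    for _ in 0..n { f(); }
    open_handles() - before
}
```

Running `leaked_after` with a large `n` against each variant is the shape of check that would have caught the leak before release: the leaky variant leaves one handle per call, the guarded variant leaves none.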

References

Commit fixing the vulnerability
Pull Request addressing the issue
GitHub Security Advisory: GHSA-jf9p-2fv9-2jp2

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
