Missing Release of Resource after Effective Lifetime Affecting thread-amount package, versions <0.2.2
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RUST-THREADAMOUNT-14100996
- published23 Nov 2025
- disclosed21 Nov 2025
- creditUnknown
Introduced: 21 Nov 2025
NewCVE-2025-65947 (opens in a new tab)How to fix?
Upgrade thread-amount to version 0.2.2 or higher.
Overview
thread-amount is a library for geting the amount of threads in the current process
Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the thread_amount function. An attacker can cause resource exhaustion by repeatedly invoking this function on Windows or macOS/iOS platforms, leading to unclosed handles or unreleased memory, which may result in process termination or system instability.
Note: Long-running applications that use this crate to check thread counts periodically will eventually crash due to resource exhaustion, even without the direct involvement of a thread actor.