diff --git a/0002-dont_allow_suid_and_dev_set_on_fs_resize.patch b/0002-dont_allow_suid_and_dev_set_on_fs_resize.patch
new file mode 100644
index 0000000000000000000000000000000000000000..dc1898045da663009095f7b4f12d323da1c69ee5
--- /dev/null
+++ b/0002-dont_allow_suid_and_dev_set_on_fs_resize.patch
@@ -0,0 +1,23 @@
+From 46b54414f66e965e3c37f8f51e621f96258ae22e Mon Sep 17 00:00:00 2001
+From: Thomas Blume
+Date: Fri, 16 May 2025 14:27:10 +0200
+Subject: [PATCH] Don't allow suid and dev set on fs resize
+
+Fixes: CVE-2025-6019
+---
+ src/plugins/fs/generic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/plugins/fs/generic.c b/src/plugins/fs/generic.c
+index 69333944..4a0c7cf8 100644
+--- a/src/plugins/fs/generic.c
++++ b/src/plugins/fs/generic.c
+@@ -649,7 +649,7 @@ static gchar* fs_mount (const gchar *device, gchar *fstype, gboolean read_only,
+ "Failed to create temporary directory for mounting '%s'.", device);
+ return NULL;
+ }
+- ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "ro" : NULL, NULL, &l_error);
++ ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "nosuid,nodev,ro" : "nosuid,nodev", NULL, &l_error);
+ if (!ret) {
+ g_propagate_prefixed_error (error, l_error, "Failed to mount '%s': ", device);
+ g_rmdir (mountpoint);
diff --git a/libblockdev.spec b/libblockdev.spec
index 7546187154882348815ae416eed084f10c9b0bdb..5b43adc12f02e08548cdc37f9deb09a38738ce94 100644
--- a/libblockdev.spec
+++ b/libblockdev.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 %define with_python3 1
@@ -92,6 +92,7 @@ License: LGPL-2.1-or-later
 URL: https://github.com/storaged-project/libblockdev
 Source0: https://github.com/storaged-project/libblockdev/releases/download/%{version}/%{name}-%{version}.tar.gz
 Patch0: 0001-nvme_Avoid_element-type_g-i_annotations.patch
+Patch1: 0002-dont_allow_suid_and_dev_set_on_fs_resize.patch
 BuildRequires: make
 BuildRequires: glib2-devel
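Review bot: The hardened option string in the embedded patch's `fs_mount` hunk (src/plugins/fs/generic.c) is spelled out twice inside the ternary and has no comment saying why it is there, so a later edit could drop `nosuid,nodev` from one branch unnoticed. I would hoist it into a single constant with a short rationale, e.g. `/* temporary mount of a caller-supplied device: never honour setuid bits or device nodes from it (CVE-2025-6019) */` above `#define FS_TMP_MOUNT_OPTS "nosuid,nodev"`, and pass `read_only ? FS_TMP_MOUNT_OPTS ",ro" : FS_TMP_MOUNT_OPTS`. Whether `noexec` can be added as well depends on whether anything is ever executed from this mountpoint, which the hunk does not show. `fs_mount` starts and ends outside the hunk, and any other mount call in generic.c that does not go through it would need the same options.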
@@ -931,6 +932,9 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm}
 %doc README.md
 %changelog
+* Fri Jun 20 2025 Shile Zhang - 3.2.0-2
+- Fix CVE-2025-6019
+
 * Fri Feb 28 2025 Xiaoping Liu - 3.2.0-1
 - update to 3.2.0 from 2.28
 - Migrated to SPDX license