diff --git a/0023-CVE-2025-5318.patch b/0023-CVE-2025-5318.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6e935ed30f27d21442d45c5b31e48e5778546e93
--- /dev/null
+++ b/0023-CVE-2025-5318.patch
@@ -0,0 +1,16 @@
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 9117f15..b3349e1 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -538,7 +538,7 @@ void *sftp_handle(sftp_session sftp, ssh_string handle){
+ 
+   memcpy(&val, ssh_string_data(handle), sizeof(uint32_t));
+ 
+-  if (val > SFTP_HANDLES) {
++  if (val >= SFTP_HANDLES) {
+     return NULL;
+   }
+ 
+-- 
+2.43.5
+
diff --git a/libssh.spec b/libssh.spec
index 467b782266545b127877e0ee45ad68af9cc3ae44..ba771456d2f17f58c3f3bcac77793eb477cf9ec7 100644
--- a/libssh.spec
+++ b/libssh.spec
@@ -1,4 +1,4 @@
-%define anolis_release 5
+%define anolis_release 6
 %global _smp_build_ncpus 1
 
 Name:           libssh
@@ -38,6 +38,9 @@ Patch0019:      0019-CVE-2023-6004-torture_config-Allow-multiple-in-usern.patch
 Patch0020:      0020-Fix-regression-in-IPv6-addresses-in-hostname-parsing.patch
 Patch0021:      0021-tests-Increase-test-coverage-for-IPv6-address-parsin.patch
 Patch0022:      0022-libssh-0.10.6-rekey-timeout.patch
+# https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466
+Patch0023:      0023-CVE-2025-5318.patch
+
 
 BuildRequires:  cmake gcc-c++
 BuildRequires:  openssl-devel zlib-devel krb5-devel libcmocka-devel
@@ -148,6 +151,9 @@ popd
 %doc AUTHORS CHANGELOG README
 
 %changelog
+* Fri Jul 4 2025 wh02252983 <wh02252983@alibaba-inc.com> - 0.10.5-6
+- Fix CVE-2025-5318
+
 * Tue Jun 10 2025 Yihao Yan <yan.yihao@zte.com.cn> - 0.10.5-5
 - fix rekey test timeout