diff --git a/backport-CVE-2025-30232.patch b/backport-CVE-2025-30232.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cdaba8b131f0b09c58eeed06d8cba457c429a8a3
--- /dev/null
+++ b/backport-CVE-2025-30232.patch
@@ -0,0 +1,63 @@
+From f1e4c6423ec406c53035975a82676a753b32203a Mon Sep 17 00:00:00 2001
+From: maoyanping <maoyanping@xfusion.com>
+Date: Thu, 17 Apr 2025 21:25:52 +0800
+Subject: [PATCH] backport-CVE-2025-30232
+
+---
+ src/debug.c | 26 +++++++++++++++-----------
+ 1 file changed, 15 insertions(+), 11 deletions(-)
+
+diff --git a/src/debug.c b/src/debug.c
+index 1d48f13..7af5e02 100644
+--- a/src/debug.c
++++ b/src/debug.c
+@@ -452,6 +452,18 @@ diverts output to a circular buffer if the buffer is set up.
+ The routines here set up the buffer, and unload it to file (and release it).
+ What ends up in the buffer is subject to the usual debug_selector. */
+ 
++void
++debug_pretrigger_discard(void)
++{
++dtrigger_selector = 0;
++if (debug_pretrigger_buf)
++  {
++  uschar * buf = debug_pretrigger_buf;
++  debug_pretrigger_buf = NULL;
++  store_free(buf);
++  }
++}
++
+ void
+ debug_pretrigger_setup(const uschar * size_string)
+ {
+@@ -460,10 +472,10 @@ if (size > 0)
+   {
+   unsigned bufsize = MIN(size, 16384);
+ 
+-  dtrigger_selector |= BIT(DTi_pretrigger);
+-  if (debug_pretrigger_buf) store_free(debug_pretrigger_buf);
+-  debug_pretrigger_buf = store_malloc((size_t)(debug_pretrigger_bsize = bufsize));
++  debug_pretrigger_discard();
+   pretrigger_readoff = pretrigger_writeoff = 0;
++  debug_pretrigger_buf = store_malloc((size_t)(debug_pretrigger_bsize = bufsize));
++  dtrigger_selector |= BIT(DTi_pretrigger);
+   }
+ }
+ 
+@@ -487,13 +499,5 @@ if (debug_file && (nbytes = pretrigger_writeoff - pretrigger_readoff) != 0)
+ debug_pretrigger_discard();
+ }
+ 
+-void
+-debug_pretrigger_discard(void)
+-{
+-if (debug_pretrigger_buf) store_free(debug_pretrigger_buf);
+-debug_pretrigger_buf = NULL;
+-dtrigger_selector = 0;
+-}
+-
+ 
+ /* End of debug.c */
+-- 
+2.33.0
+
diff --git a/exim.spec b/exim.spec
index 40f4c4864ec6ccb8a7a382760e2dd416ee3d2b73..afa396b73fb1d1fd219a5b28697c59875955c0af 100644
--- a/exim.spec
+++ b/exim.spec
@@ -4,7 +4,7 @@
 Summary:          The exim mail transfer agent
 Name:             exim
 Version:          4.97.1
-Release:          2
+Release:          3
 License:          GPLv2+
 Url:              https://www.exim.org/
 
@@ -40,6 +40,7 @@ Patch1:           exim-4.94-libdir.patch
 Patch2:           exim-4.97-dlopen-localscan.patch
 Patch3:           exim-4.96-pic.patch
 Patch4:           CVE-2023-51766.patch
+Patch5:           backport-CVE-2025-30232.patch
 
 Requires:         /etc/pki/tls/certs /etc/pki/tls/private
 Requires:         setup
@@ -480,6 +481,9 @@ fi
 %{_sysconfdir}/cron.daily/greylist-tidy.sh
 
 %changelog
+* Thu Apr 17 2025 maoyanping <maoyanping@xfusion.com> - 4.97.1-3
+- Fix CVE-2025-30232
+
 * Tue Jul  9 2024 technology208 <technology@208suo.com> - 4.97-2
 - Fix CVE-2023-51766