diff --git a/backport-CVE-2024-40725.patch b/backport-CVE-2024-40725.patch
new file mode 100644
index 0000000000000000000000000000000000000000..92f8143e5f412b408b352151bf0e2118d5a886a9
--- /dev/null
+++ b/backport-CVE-2024-40725.patch
@@ -0,0 +1,29 @@
+From a7d24b4ea9a6ea35878fd33075365328caafcf91 Mon Sep 17 00:00:00 2001
+From: Eric Covener <covener@apache.org>
+Date: Mon, 15 Jul 2024 12:08:30 +0000
+Subject: [PATCH] Merge r1919247 from trunk:
+
+copy the trusted flag from the subrequest
+
+Submitted By: covener
+Reviewed By: covener, ylavic, gbechis
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1919249 13f79535-47bb-0310-9956-ffa450edef68
+---
+ modules/http/http_request.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/http/http_request.c b/modules/http/http_request.c
+index 71ecc2bbab1..7e9477be1f1 100644
+--- a/modules/http/http_request.c
++++ b/modules/http/http_request.c
+@@ -708,7 +708,7 @@ AP_DECLARE(void) ap_internal_fast_redirect(request_rec *rr, request_rec *r)
+     r->args = rr->args;
+     r->finfo = rr->finfo;
+     r->handler = rr->handler;
+-    ap_set_content_type_ex(r, rr->content_type, AP_REQUEST_IS_TRUSTED_CT(r));
++    ap_set_content_type_ex(r, rr->content_type, AP_REQUEST_IS_TRUSTED_CT(rr));
+     r->content_encoding = rr->content_encoding;
+     r->content_languages = rr->content_languages;
+     r->per_dir_config = rr->per_dir_config;
diff --git a/httpd.spec b/httpd.spec
index 6655231b69005903efc2fc281ed8dd4ce25ab4c1..c9fd73662546232f7b0687b9e4d5d6d51fc45fcc 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -8,7 +8,7 @@
 Name:             httpd
 Summary:          Apache HTTP Server
 Version:          2.4.58
-Release:          6
+Release:          7
 License:          ASL 2.0
 URL:              https://httpd.apache.org/
 Source0:          https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@@ -87,6 +87,7 @@ Patch33:          backport-CVE-2024-38474-CVE-2024-38475-tighten-up-prefix_stat.
 Patch34:          backport-CVE-2024-38476-add-ap_set_content_type_ex-to-differentiate-trusted-sources.patch
 Patch35:          backport-CVE-2024-38477-validate-hostsname.patch
 Patch36:          backport-CVE-2024-39884-maintain-trusted-flag.patch
+Patch37:          backport-CVE-2024-40725.patch
 
 BuildRequires:    gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
 BuildRequires:    zlib-devel libselinux-devel lua-devel brotli-devel
@@ -524,6 +525,12 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Fri Jul 26 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 2.4.58-7
+- Type:CVE
+- ID:CVE-2024-40725
+- SUG:NA
+- DESC:fix CVE-2024-40725
+
 * Mon Jul 08 2024 chengyechun <chengyechun1@huawei.com> - 2.4.58-6
 - Type:CVE
 - ID:CVE-2024-38473,CVE-2024-38474,CVE-2024-38475,CVE-2024-38476,CVE-2024-38477,CVE-2024-39884,CVE-2024-39573