diff --git a/backport-upstream-Fix-logic-error-in-DisableForwarding-option.patch b/backport-upstream-Fix-logic-error-in-DisableForwarding-option.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0272aeca027cc0e755d7258c47507abc1b060542
--- /dev/null
+++ b/backport-upstream-Fix-logic-error-in-DisableForwarding-option.patch
@@ -0,0 +1,40 @@
+From fc86875e6acb36401dfc1dfb6b628a9d1460f367 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 9 Apr 2025 07:00:03 +0000
+Subject: [PATCH] upstream: Fix logic error in DisableForwarding option. This
+ option
+
+was documented as disabling X11 and agent forwarding but it failed to do so.
+Spotted by Tim Rice.
+
+OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1
+---
+ session.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/session.c b/session.c
+index 1b67393..e968c22 100644
+--- a/session.c
++++ b/session.c
+@@ -2345,7 +2345,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
+ 	if ((r = sshpkt_get_end(ssh)) != 0)
+ 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
+ 	if (!auth_opts->permit_agent_forwarding_flag ||
+-	    !options.allow_agent_forwarding) {
++	    !options.allow_agent_forwarding ||
++	    options.disable_forwarding) {
+ 		debug_f("agent forwarding disabled");
+ 		return 0;
+ 	}
+@@ -2761,7 +2762,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
+ 		ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
+ 		return 0;
+ 	}
+-	if (!options.x11_forwarding) {
++	if (!options.x11_forwarding || options.disable_forwarding) {
+ 		debug("X11 forwarding disabled in server configuration file.");
+ 		return 0;
+ 	}
+-- 
+2.33.0
+
diff --git a/openssh.spec b/openssh.spec
index 2a727d7265eef900cc9aaac248fd6ed5c168c800..8772f312a9e5c3150dd70e33da268f9ae0b401db 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 5
+%global openssh_release 6
 
 Name:           openssh
 Version:        9.6p1
@@ -113,6 +113,7 @@ Patch72:        backport-upstream-some-extra-paranoia.patch
 Patch73:        backport-fix-CVE-2024-39894.patch
 Patch74:        backport-fix-CVE-2025-26465.patch
 Patch75:        backport-fix-CVE-2025-26466.patch
+Patch76:        backport-upstream-Fix-logic-error-in-DisableForwarding-option.patch
 
 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -272,6 +273,7 @@ popd
 %patch -P 73 -p1
 %patch -P 74 -p1
 %patch -P 75 -p1
+%patch -P 76 -p1
 
 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@@ -503,6 +505,12 @@ fi
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Fri Apr 11 2025 liningjie <liningjie@xfusion.com> - 9.6p1-6
+- Type:CVE
+- CVE:CVE-2025-32728
+- SUG:NA
+- DESC:Fix CVE-2025-32728
+
 * Tue Feb 18 2025 bitianyuan <bitianyuan@huawei.com> - 9.6p1-5
 - Type:CVE
 - CVE:CVE-2025-26465 CVE-2025-26466