diff --git a/CVE-2025-40907.patch b/CVE-2025-40907.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5fbb9c4fd7f5d05db99a04c14052d8243377f06a
--- /dev/null
+++ b/CVE-2025-40907.patch
@@ -0,0 +1,38 @@
+From b0eabcaf4d4f371514891a52115c746815c2ff15 Mon Sep 17 00:00:00 2001
+From: Pycatchown <39068868+Pycatchown@users.noreply.github.com>
+Date: Tue, 8 Apr 2025 17:39:30 +0200
+Subject: [PATCH] Update fcgiapp.c
+
+Origin: https://github.com/FastCGI-Archives/fcgi2/pull/74
+
+Fixing an integer overflow (CVE-2025-23016)
+---
+ fcgiapp.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/fcgiapp.c b/fcgiapp.c
+index 4ffe318..99c3630 100644
+--- a/fcgiapp.c
++++ b/fcgiapp.c
+@@ -1175,6 +1175,10 @@ static int ReadParams(Params *paramsPtr, FCGX_Stream *stream)
+ 	    }
+             nameLen = ((nameLen & 0x7f) << 24) + (lenBuff[0] << 16)
+                     + (lenBuff[1] << 8) + lenBuff[2];
++	    if (nameLen >= INT_MAX) {
++                SetError(stream, FCGX_PARAMS_ERROR);
++                return -1;
++	    }
+         }
+         if((valueLen = FCGX_GetChar(stream)) == EOF) {
+             SetError(stream, FCGX_PARAMS_ERROR);
+@@ -1187,6 +1191,10 @@ static int ReadParams(Params *paramsPtr, FCGX_Stream *stream)
+ 	    }
+             valueLen = ((valueLen & 0x7f) << 24) + (lenBuff[0] << 16)
+                     + (lenBuff[1] << 8) + lenBuff[2];
++	    if (valueLen >= INT_MAX) {
++                SetError(stream, FCGX_PARAMS_ERROR);
++                return -1;
++	    }
+         }
+         /*
+          * nameLen and valueLen are now valid; read the name and value
diff --git a/perl-FCGI.spec b/perl-FCGI.spec
index 5ea766f4bb689b5cc8f59a5157a4ab2950e1f8d1..8546552fdd36efab167b27b54f85e3917e5b385c 100644
--- a/perl-FCGI.spec
+++ b/perl-FCGI.spec
@@ -5,12 +5,13 @@
 Name:           perl-FCGI
 Epoch:          1
 Version:        0.82
-Release:        3
+Release:        4
 Summary:        FastCGI Perl bindings
 License:        OML
 URL:            https://metacpan.org/release/FCGI
 Source0:        https://cpan.metacpan.org/authors/id/E/ET/ETHER/FCGI-%{version}.tar.gz
-Patch0:		    FCGI-0.78-CVE-2012-6687.patch
+Patch0:         FCGI-0.78-CVE-2012-6687.patch
+Patch1:         CVE-2025-40907.patch
 
 # bash for sh executed from Makefile.PL
 BuildRequires:  bash
@@ -96,6 +97,9 @@ make test
 %doc ChangeLog README
 
 %changelog
+* Tue May 20 2025 wangkai <13474090681@163.com> - 1:0.82-4
+- Fix CVE-2025-40907
+
 * Fri Jan 10 2025 pengjian <pengjian23@mails.ucas.ac.cn> - 1:0.82-3
 - Introduced environment variable-controlled polling timeouts 
 for the close and connection-keeping functions in the os_unix.c file.
@@ -110,4 +114,4 @@ for the close and connection-keeping functions in the os_unix.c file.
 - %prep no longer patched with git
 
 * Tue Apr 14 2020 Jeffery.Gao <gaojianxing@huawei.com> - 1:0.78-11
-- Package init
\ No newline at end of file
+- Package init