diff --git a/backport-CVE-2025-50181.patch b/backport-CVE-2025-50181.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1235da75d55cc2f2088779b18a036e05703f04e0
--- /dev/null
+++ b/backport-CVE-2025-50181.patch
@@ -0,0 +1,90 @@
+From f05b1329126d5be6de501f9d1e3e36738bc08857 Mon Sep 17 00:00:00 2001
+From: Illia Volochii <illia.volochii@gmail.com>
+Date: Wed, 18 Jun 2025 16:25:01 +0300
+Subject: [PATCH] Merge commit from fork
+
+* Apply Quentin's suggestion
+
+Co-authored-by: Quentin Pradet <quentin.pradet@gmail.com>
+
+* Add tests for disabled redirects in the pool manager
+
+* Add a possible fix for the issue with not raised `MaxRetryError`
+
+* Make urllib3 handle redirects instead of JS when JSPI is used
+
+* Fix info in the new comment
+
+* State that redirects with XHR are not controlled by urllib3
+
+* Remove excessive params from new test requests
+
+* Add tests reaching max non-0 redirects
+
+* Test redirects with Emscripten
+
+* Fix `test_merge_pool_kwargs`
+
+* Add a changelog entry
+
+* Parametrize tests
+
+* Drop a fix for Emscripten
+
+* Apply Seth's suggestion to docs
+
+Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
+
+* Use a minor release instead of the patch one
+
+Reference:https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857
+Conflict:test/with_dummyserver/test_poolmanger,
+test/contrib/emscripten/test_emscrepten.py has not been modified because
+is has been deleted in the pre-phase of the spec file;CHANGES.rst,
+docs/reference/contrib/emscripten.rst,dummyserver/app.py has not been
+modified because these are the latest features and informations, does
+not involve related modifications
+
+---
+ src/pip/_vendor/urllib3/poolmanager.py | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/src/pip/_vendor/urllib3/poolmanager.py b/src/pip/_vendor/urllib3/poolmanager.py
+index fb51bf7..a8de7c6 100644
+--- a/src/pip/_vendor/urllib3/poolmanager.py
++++ b/src/pip/_vendor/urllib3/poolmanager.py
+@@ -170,6 +170,22 @@ class PoolManager(RequestMethods):
+ 
+     def __init__(self, num_pools=10, headers=None, **connection_pool_kw):
+         RequestMethods.__init__(self, headers)
++        if "retries" in connection_pool_kw:
++            retries = connection_pool_kw["retries"]
++            if not isinstance(retries, Retry):
++                # When Retry is initialized, raise_on_redirect is based
++                # on a redirect boolean value.
++                # But requests made via a pool manager always set
++                # redirect to False, and raise_on_redirect always ends
++                # up being False consequently.
++                # Here we fix the issue by setting raise_on_redirect to
++                # a value needed by the pool manager without considering
++                # the redirect boolean.
++                raise_on_redirect = retries is not False
++                retries = Retry.from_int(retries, redirect=False)
++                retries.raise_on_redirect = raise_on_redirect
++                connection_pool_kw = connection_pool_kw.copy()
++                connection_pool_kw["retries"] = retries
+         self.connection_pool_kw = connection_pool_kw
+         self.pools = RecentlyUsedContainer(num_pools)
+ 
+@@ -389,7 +405,7 @@ class PoolManager(RequestMethods):
+             kw["body"] = None
+             kw["headers"] = HTTPHeaderDict(kw["headers"])._prepare_for_method_change()
+ 
+-        retries = kw.get("retries")
++        retries = kw.get("retries", response.retries)
+         if not isinstance(retries, Retry):
+             retries = Retry.from_int(retries, redirect=redirect)
+ 
+-- 
+2.33.0
+
diff --git a/python-pip.spec b/python-pip.spec
index 575dd162c5e57450f98d864356e219b5beb714ec..6549dd46e5eabee19803c2ca7c44e1937c82649e 100644
--- a/python-pip.spec
+++ b/python-pip.spec
@@ -6,7 +6,7 @@ pip is the package installer for Python. You can use pip to install packages fro
 %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d})
 Name:           python-%{srcname}
 Version:        23.3.1
-Release:        4
+Release:        5
 Summary:        A tool for installing and managing Python packages
 License:        MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD)
 URL:            http://www.pip-installer.org
@@ -18,6 +18,7 @@ Patch6000:      dummy-certifi.patch
 Patch6001:      backport-CVE-2023-45803-Made-body-stripped-from-HTTP-requests.patch
 Patch6002:      backport-CVE-2024-37891-Strip-Proxy-Authorization-header-on-redirects.patch
 Patch6003:      backport-CVE-2024-47081.patch
+Patch6004:      backport-CVE-2025-50181.patch
 
 Source10: 	pip-allow-older-versions.patch
 
@@ -135,6 +136,9 @@ install -D -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pip.conf
 %{python_wheeldir}/%{python_wheelname}
 
 %changelog
+* Wed Sep 10 2025 xiangyuning <xiangyuning@h-partners.com> - 23.3.1-5
+- Fix CVE-2025-50181
+
 * Fri Aug 22 2025 hugel <gengqihu2@h-partners.com> - 23.3.1-4
 - Fix CVE-2024-47081