diff --git a/CVE-2025-5455.patch b/CVE-2025-5455.patch
new file mode 100644
index 0000000000000000000000000000000000000000..91d28cd244c4da0411024b8fcae3c8abe78bb5b4
--- /dev/null
+++ b/CVE-2025-5455.patch
@@ -0,0 +1,32 @@
+From 948113e99df485aa42e2f9b48e096d81820a0b5c Mon Sep 17 00:00:00 2001
+From: niuwanli
+Date: Fri, 22 Aug 2025 09:25:51 +0800
+Subject: [PATCH] qt-CVE-2025-5455
+
+Signed-off-by: niuwanli
+---
+ .../src/corelib/io/qdataurl.cpp | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/corelib/io/qdataurl.cpp b/src/corelib/io/qdataurl.cpp
+index 6794ff1..779c419 100644
+--- a/src/corelib/io/qdataurl.cpp
++++ b/src/corelib/io/qdataurl.cpp
+@@ -82,10 +82,10 @@ Q_CORE_EXPORT QPair qDecodeDataUrl(const QUrl &uri)
+ }
+
+ if (data.toLower().startsWith("charset")) {
+- int i = 7; // strlen("charset")
+- while (data.at(i) == ' ')
+- ++i;
+- if (data.at(i) == '=')
++ QByteArray copy = data.mid(QByteArray("charset").size());
++ while (copy.startsWith(' '))
++ copy.mid(1);
++ if (copy.startsWith('='))
+ data.prepend("text/plain;");
+ }
+
+--
+2.43.0
+
diff --git a/qt.spec b/qt.spec
index 8c2d3fdcdc7279b9679a2b15bc71a8fedd7d7c8d..ed1ad0714e6070dcc399fd1b8e453647abf00068 100644
--- a/qt.spec
+++ b/qt.spec
@@ -13,7 +13,7 @@
 Name: qt
 Epoch: 1
 Version: 4.8.7
-Release: 63
+Release: 64
 Summary: A software toolkit for developing applications
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
 URL: https://www.qt.io/
@@ -91,6 +91,7 @@ Patch6008: qt-CVE-2023-34410.patch
 Patch6009: qt-CVE-2023-38197.patch
 Patch6010: qt-CVE-2023-37369.patch
 Patch6011: qt-CVE-2023-43114.patch
+Patch6012: CVE-2025-5455.patch
 BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa)
 BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng)
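Review bot: In the embedded `qdataurl.cpp` hunk of `CVE-2025-5455.patch`, the statement `copy.mid(1);` discards its result: `QByteArray::mid()` returns a new array and leaves `copy` unchanged, so `while (copy.startsWith(' '))` never advances. Any data URL whose payload has a space directly after `charset` would therefore spin forever, replacing the out-of-range `data.at(i)` access this patch removes with a hang on the same, presumably untrusted, input. Assign the result back with `copy = copy.mid(1);` so the loop consumes one space per iteration and ends once `copy` is empty. A regression test covering `charset` followed by spaces, and `charset` as the last bytes of the payload, would pin both the old and the new failure mode. The body of `qDecodeDataUrl` starts and ends outside the hunk, so how `data` is trimmed before this point is not visible here.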
@@ -442,6 +443,12 @@ fi
 %{_qt4_prefix}/examples/
 %changelog
+* Fri Aug 22 2025 niuwanli - 1:4.8.7-64
+- Type:cves
+- ID:CVE-2025-5455
+- SUG:NA
+- DESC:fix CVE-2025-5455
+
 * Fri Jan 24 2025 Funda Wang - 1:4.8.7-63
 - fix build with icu 76