diff --git a/CVE-2025-30346.patch b/CVE-2025-30346.patch
new file mode 100644
index 0000000000000000000000000000000000000000..63f976dbac013c83af293a0340e4a961e7a1d917
--- /dev/null
+++ b/CVE-2025-30346.patch
@@ -0,0 +1,50 @@
+From 8ef69a03b36aeac5f364c01eb20f821860e47f14 Mon Sep 17 00:00:00 2001
+From: Dag Haavi Finstad <daghf@varnish-software.com>
+Date: Fri, 10 Jan 2025 13:07:54 +0100
+Subject: [PATCH] req_fsm: Close the connection on a malformed request
+
+---
+ bin/varnishd/cache/cache_req_fsm.c | 2 ++
+ bin/varnishtest/tests/b00037.vtc   | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c
+index 1004cbc5f47..803810210ef 100644
+--- a/bin/varnishd/cache/cache_req_fsm.c
++++ b/bin/varnishd/cache/cache_req_fsm.c
+@@ -962,6 +962,7 @@ cnt_recv(struct worker *wrk, struct req *req)
+ 	if (http_CountHdr(req->http0, H_Host) > 1) {
+ 		VSLb(req->vsl, SLT_BogoHeader, "Multiple Host: headers");
+ 		wrk->stats->client_req_400++;
++		req->doclose = SC_RX_BAD;
+ 		(void)req->transport->minimal_response(req, 400);
+ 		return (REQ_FSM_DONE);
+ 	}
+@@ -969,6 +970,7 @@ cnt_recv(struct worker *wrk, struct req *req)
+ 	if (http_CountHdr(req->http0, H_Content_Length) > 1) {
+ 		VSLb(req->vsl, SLT_BogoHeader, "Multiple Content-Length: headers");
+ 		wrk->stats->client_req_400++;
++		req->doclose = SC_RX_BAD;
+ 		(void)req->transport->minimal_response(req, 400);
+ 		return (REQ_FSM_DONE);
+ 	}
+diff --git a/bin/varnishtest/tests/b00037.vtc b/bin/varnishtest/tests/b00037.vtc
+index ce0e841123e..e6185bd0764 100644
+--- a/bin/varnishtest/tests/b00037.vtc
++++ b/bin/varnishtest/tests/b00037.vtc
+@@ -11,6 +11,7 @@ client c1 {
+ 
+ varnish v1 -vsl_catchup
+ varnish v1 -expect client_req_400 == 1
++varnish v1 -expect sc_rx_bad == 1
+ 
+ client c1 {
+ 	txreq -method POST -hdr "Content-Length: 12" -hdr "Content-Length: 12" -bodylen 12
+@@ -20,6 +21,7 @@ client c1 {
+ 
+ varnish v1 -vsl_catchup
+ varnish v1 -expect client_req_400 == 2
++varnish v1 -expect sc_rx_bad == 2
+ 
+ varnish v1 -cliok "param.set feature +http2"
+ 
diff --git a/varnish.spec b/varnish.spec
index 7881f067db6e387b57d46f9bde24de8fffb96062..1b26dde7407d70685ff884bbee25505d71acd173 100644
--- a/varnish.spec
+++ b/varnish.spec
@@ -3,7 +3,7 @@
 Name:             varnish
 Summary:          A web application accelerator
 Version:          7.4.3
-Release:          1
+Release:          2
 License:          BSD-2-Clause
 URL:              https://www.varnish-cache.org/
 Source0:          http://varnish-cache.org/_downloads/varnish-%{version}.tgz
@@ -12,6 +12,7 @@ Source0:          http://varnish-cache.org/_downloads/varnish-%{version}.tgz
 Source1:          https://github.com/varnishcache/pkg-varnish-cache/archive/0ad2f22629c4a368959c423a19e352c9c6c79682/pkg-varnish-cache-0ad2f22.tar.gz
 Patch0001:        fix-varnish-devel-installation-failure.patch
 Patch0002:        fix-varnish.service-reload-failed.patch
+Patch0003:        CVE-2025-30346.patch
 
 BuildRequires:    python3-sphinx python3-docutils pkgconfig make graphviz nghttp2 systemd-units
 BuildRequires:    ncurses-devel pcre2-devel libedit-devel gcc
@@ -160,6 +161,9 @@ test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc
 %{_mandir}/man7/*.7*
 
 %changelog
+* Mon Mar 24 2025 yaoxin <1024769339@qq.com> - 7.4.3-2
+- Fix CVE-2025-30346
+
 * Mon Mar 25 2024 zhangxingrong <zhangxingrong@uniontech.com> - 7.4.3-1
 - Update to 7.4.3 for fix CVE-2024-30156