diff --git a/backport-CVE-2022-1725.patch b/backport-CVE-2022-1725.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9c402344d037fff66393a4bfc55c2b7bd46972f5
--- /dev/null
+++ b/backport-CVE-2022-1725.patch
@@ -0,0 +1,119 @@
+From b62dc5e7825bc195efe3041d5b3a9f1528359e1c Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar
+Date: Sun, 15 May 2022 14:50:12 +0100
+Subject: [PATCH] patch 8.2.4959: using NULL regexp program
+
+Problem: Using NULL regexp program.
+Solution: Check for regexp program becoming NULL in more places.
+---
+ src/buffer.c | 32 +++++++++++++++++++-------------
+ src/testdir/test_buffer.vim | 6 ++++++
+ 2 files changed, 25 insertions(+), 13 deletions(-)
+
+diff --git a/src/buffer.c b/src/buffer.c
+index 8fabbdb..f66c234 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -2583,13 +2583,15 @@ buflist_findpat(
+ if (*p == '^' && !(attempt & 1)) // add/remove '^'
+ ++p;
+ regmatch.regprog = vim_regcomp(p, p_magic ? RE_MAGIC : 0);
+- if (regmatch.regprog == NULL)
+- {
+- vim_free(pat);
+- return -1;
+- }
+
+ for (buf = lastbuf; buf != NULL; buf = buf->b_prev)
++ {
++ if (regmatch.regprog == NULL)
++ {
++ // invalid pattern, possibly after switching engine
++ vim_free(pat);
++ return -1;
++ }
+ if (buf->b_p_bl == find_listed
+ #ifdef FEAT_DIFF
+ && (!diffmode || diff_mode_buf(buf))
+@@ -2615,6 +2617,7 @@ buflist_findpat(
+ }
+ match = buf->b_fnum; // remember first match
+ }
++ }
+
+ vim_regfree(regmatch.regprog);
+ if (match >= 0) // found one match
+@@ -2693,12 +2696,6 @@ ExpandBufnames(
+ if (attempt > 0 && patc == pat)
+ break; // there was no anchor, no need to try again
+ regmatch.regprog = vim_regcomp(patc + attempt * 11, RE_MAGIC);
+- if (regmatch.regprog == NULL)
+- {
+- if (patc != pat)
+- vim_free(patc);
+- return FAIL;
+- }
+
+ /*
+ * round == 1: Count the matches.
+@@ -2711,6 +2708,12 @@ ExpandBufnames(
+ {
+ if (!buf->b_p_bl) // skip unlisted buffers
+ continue;
++ if (regmatch.regprog == NULL)
++ {
++ if (patc != pat)
++ vim_free(patc);
++ return FAIL;
++ }
+ p = buflist_match(®match, buf, p_wic);
+ if (p != NULL)
+ {
+@@ -2789,6 +2792,7 @@ ExpandBufnames(
+
+ /*
+ * Check for a match on the file name for buffer "buf" with regprog "prog".
++ * Note that rmp->regprog may become NULL when switching regexp engine.
+ */
+ static char_u *
+ buflist_match(
+@@ -2807,7 +2811,8 @@ buflist_match(
+ }
+
+ /*
+- * Try matching the regexp in "prog" with file name "name".
++ * Try matching the regexp in "rmp->regprog" with file name "name".
++ * Note that rmp->regprog may become NULL when switching regexp engine.
+ * Return "name" when there is a match, NULL when not.
+ */
+ static char_u *
+@@ -2819,7 +2824,8 @@ fname_match(
+ char_u *match = NULL;
+ char_u *p;
+
+- if (name != NULL)
++ // extra check for valid arguments
++ if (name != NULL && rmp->regprog != NULL)
+ {
+ // Ignore case when 'fileignorecase' or the argument is set.
+ rmp->rm_ic = p_fic || ignore_case;
+diff --git a/src/testdir/test_buffer.vim b/src/testdir/test_buffer.vim
+index 6039ff8..cef0213 100644
+--- a/src/testdir/test_buffer.vim
++++ b/src/testdir/test_buffer.vim
+@@ -72,6 +72,12 @@ func Test_buf_pattern_invalid()
+ vsplit 00000000000000000000000000
+ silent! buf [0--]\&\zs*\zs*e
+ bwipe!
++
++ " similar case with different code path
++ split 0
++ edit ΓΏ
++ silent! buf [0--]\&\zs*\zs*0
++ bwipe!
+ endfunc
+
+ " vim: shiftwidth=2 sts=2 expandtab
+--
+2.27.0
+
diff --git a/vim.spec b/vim.spec
index cf1d1a6fecd49e69ee8ed0350e2a1725602af9ca..bba56ed948f7644e40a35a542f8999f34800cc1d 100644
--- a/vim.spec
+++ b/vim.spec
@@ -11,7 +11,7 @@
 Name: vim
 Epoch: 2
 Version: 8.2
-Release: 49
+Release: 50
 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License: Vim and MIT
 URL: http://www.vim.org
@@ -150,6 +150,7 @@ Patch6116: backport-CVE-2022-2522.patch
 Patch6117: backport-patch-8.2.0310-autocmd-test-fails-on-a-slow-system.patch
 Patch6118: backport-CVE-2022-2598.patch
 Patch6119: backport-CVE-2022-2571.patch
+Patch6120: backport-CVE-2022-1725.patch
 Patch9000: bugfix-rm-modify-info-version.patch
 Patch9001: remove-failed-tests-due-to-patch.patch
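Review bot: In the embedded patch's ExpandBufnames hunk (`@@ -2711,6 +2708,12 @@`), the NULL check that used to run once right after `vim_regcomp()` now sits inside the per-buffer loop and returns `FAIL` directly, releasing only `patc`. The rest of the two-round loop lies outside the hunk, so this is inferred, but if the result array is allocated between round 1 and round 2, a `regprog` that becomes NULL during round 2 would return without freeing that array or the names already stored in it; this is worth confirming against the full function in the distro's source tree before the backport ships. The relocated check also lacks the explanation its twin in buflist_findpat received, so I would add `// invalid pattern, possibly after switching engine` above `if (patc != pat)`. Separately, the added test case runs the pattern under `silent!` and asserts nothing, so it only shows the absence of a crash; running it in a sanitizer-enabled build would make a regression visible on platforms where a NULL read does not fault.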
@@ -552,6 +553,12 @@ LC_ALL=en_US.UTF-8 make -j1 test
 %{_mandir}/man1/evim.*
 %changelog
+* Mon Aug 08 2022 dongyuzhen - 2:8.2-50
+- Type:CVE
+- ID:CVE-2022-1725
+- SUG:NA
+- DESC:fix CVE-2022-1725
+
 * Tue Aug 02 2022 shixuantong - 2:8.2-49
 - Type:CVE
 - ID:CVE-2022-2598 CVE-2022-2571