diff --git a/0001-Fix-CVE-2025-2915.patch b/0001-Fix-CVE-2025-2915.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1e10758181f6378ec5c9597bbf267464b2ec643b
--- /dev/null
+++ b/0001-Fix-CVE-2025-2915.patch
@@ -0,0 +1,48 @@
+From 1508f3f15c2b0225fbd404a18ae27238f6f59c6e Mon Sep 17 00:00:00 2001
+From: Glenn Song
+Date: Thu, 16 Oct 2025 17:02:23 -0500
+Subject: [PATCH] Fixed a heap-based buffer overflow in H5F__accum_free caused
+ by an integer overflow when calculating new_accum_size. Added validation in
+ H5O__mdci_decode to detect and reject invalid values early, preventing the
+ overflow condition.
+
+---
+ src/H5Faccum.c | 3 +++
+ src/H5Ocache_image.c | 7 +++++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/src/H5Faccum.c b/src/H5Faccum.c
+index 5fabf52..53f90fb 100644
+--- a/src/H5Faccum.c
++++ b/src/H5Faccum.c
+@@ -879,6 +879,9 @@ H5F__accum_free(H5F_shared_t *f_sh, H5FD_mem_t H5_ATTR_UNUSED type, haddr_t addr
+
+ /* Calculate the size of the overlap with the accumulator, etc. */
+ H5_CHECKED_ASSIGN(overlap_size, size_t, (addr + size) - accum->loc, haddr_t);
++ /* Sanity check */
++ /* Overlap size should not result in "negative" value after subtraction */
++ assert(overlap_size < accum->size);
+ new_accum_size = accum->size - overlap_size;
+
+ /* Move the accumulator buffer information to eliminate the freed block */
+diff --git a/src/H5Ocache_image.c b/src/H5Ocache_image.c
+index d91b463..c0ab004 100644
+--- a/src/H5Ocache_image.c
++++ b/src/H5Ocache_image.c
+@@ -116,6 +116,13 @@ H5O__mdci_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSE
+ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+ H5F_DECODE_LENGTH(f, p, mesg->size);
+
++ if (mesg->addr >= (HADDR_UNDEF - mesg->size))
++ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "address plus size overflows");
++ if (mesg->addr == HADDR_UNDEF)
++ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "address is undefined");
++ if ((mesg->addr + mesg->size) > H5F_get_eoa(f, H5FD_MEM_SUPER))
++ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "address plus size exceeds file eoa");
++
+ /* Set return value */
+ ret_value = (void *)mesg;
+
+--
+2.43.5
+
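Review bot: The guard added in H5F__accum_free is an `assert(overlap_size < accum->size);`, which is compiled out when the library is built with NDEBUG, so in a release build `new_accum_size = accum->size - overlap_size` can still wrap if a bad address/size pair reaches this function by any route other than the cache-image message. A runtime check would hold in every build, e.g. `if (overlap_size >= accum->size) HGOTO_ERROR(H5E_FILE, H5E_BADVALUE, FAIL, "overlap size exceeds accumulator size");`, assuming the function has the usual error-exit label, which lies outside the hunk. In H5O__mdci_decode the `mesg->addr == HADDR_UNDEF` test is unreachable because the preceding `>= (HADDR_UNDEF - mesg->size)` comparison already rejects that value, so it should come first if the "address is undefined" message is meant to be reported. The result of `H5F_get_eoa(f, H5FD_MEM_SUPER)` is compared without being checked for failure; if it can return HADDR_UNDEF, the end-of-allocation test would pass for any input, so the value should be read into a local and validated before the comparison.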
diff --git a/hdf5.spec b/hdf5.spec index 23776585a684caac0e624a64f02c3e36cd6e3c21..2ec65237513895d0344501a067719d6e415068d2 100644 --- a/hdf5.spec +++ b/hdf5.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) %global so_version 310 @@ -28,6 +28,8 @@ Patch0: hdf5-build.patch # https://github.com/HDFGroup/hdf5/pull/4924 Patch1: hdf5-float128.patch Patch2: hdf5-wrappers.patch +# https://github.com/HDFGroup/hdf5/pull/5746 +Patch3: 0001-Fix-CVE-2025-2915.patch BuildRequires: gcc-gfortran %if %{with java} @@ -464,6 +466,9 @@ fi %changelog +* Thu Nov 13 2025 YangCheng - 1.14.5-1 +- Add patch to fix CVE-2025-2915 + * Tue Jun 10 2025 mgb01105731 - 1.14.5-1 - Update to 1.14.5 to fix CVEs - Delete patchs because the new version no longer requires it