diff --git a/101-bugfix-for-CVE-2025-9230.patch b/101-bugfix-for-CVE-2025-9230.patch
new file mode 100644
index 0000000000000000000000000000000000000000..500180b56f2b9480626c61b2b815c32705598c62
--- /dev/null
+++ b/101-bugfix-for-CVE-2025-9230.patch
@@ -0,0 +1,31 @@
+From a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni
+Date: Thu, 11 Sep 2025 18:10:12 +0200
+Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
+
+Fixes CVE-2025-9230
+
+The check is off by 8 bytes so it is possible to overread by
+up to 8 bytes and overwrite up to 4 bytes.
+
+Reviewed-by: Neil Horman
+Reviewed-by: Matt Caswell
+Reviewed-by: Tomas Mraz
+(cherry picked from commit 9c462be2cea54ebfc62953224220b56f8ba22a0c)
+---
+ crypto/cms/cms_pwri.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
+index d5c3c8d399dfd..33a7ccaa76a3a 100644
+--- a/crypto/cms/cms_pwri.c
++++ b/crypto/cms/cms_pwri.c
+@@ -229,7 +229,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
+ /* Check byte failure */
+ goto err;
+ }
+- if (inlen < (size_t)(tmp[0] - 4)) {
++ if (inlen < 4 + (size_t)tmp[0]) {
+ /* Invalid length value */
+ goto err;
+ }
diff --git a/openssl.spec b/openssl.spec
index 1551001003439c8a2a8103635379a83525c9d6c3..9e7af1fecde7ac9a61fa4229524534448183f2ff 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,4 +1,4 @@
-%define anolis_release 14
+%define anolis_release 15
 %global soversion 3
 %define srpmhash() %{lua:
@@ -115,6 +115,7 @@ Patch58: 1008-fix-CVE-2024-9143.patch
 Patch59: 1009-fix-CVE-2024-13176.patch
 Patch100: add-sw_64-support.patch
+Patch101: 101-bugfix-for-CVE-2025-9230.patch
 BuildRequires: gcc git coreutils perl-interpreter sed zlib-devel /usr/bin/cmp
 BuildRequires: lksctp-tools-devel
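Review bot: The constant 4 in the corrected check `if (inlen < 4 + (size_t)tmp[0])` is unexplained, and the retained comment `/* Invalid length value */` does not say what is being bounded. The earlier form subtracted in `int` before the cast, so the comparison did not bound `tmp[0]` against the bytes actually available after the prefix; a comment such as `/* 4-byte prefix plus tmp[0] key bytes must fit within inlen */` would keep a later edit from reintroducing that. The 4 presumably covers the length byte and the three check bytes tested just above, which should be confirmed against the full function. kek_unwrap_key() starts and ends outside this hunk, so the copy into `out` and the capacity of that buffer cannot be checked from here.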
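Review bot: The new entry `Patch101: 101-bugfix-for-CVE-2025-9230.patch` in the second openssl.spec hunk departs from the naming of the neighbouring CVE patches (`1008-fix-CVE-2024-9143.patch`, `1009-fix-CVE-2024-13176.patch`) and is numbered after the architecture patch `Patch100`. Keeping one scheme, along the lines of `PatchNN: NNNN-fix-CVE-2025-9230.patch` with the next free number in that series, makes it easier to audit which CVE fixes a build carries. Only these few Patch lines are visible here, so the convention should be checked against the rest of the spec.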
@@ -319,6 +320,9 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf.dist,ct_log_list.cnf.di
 %doc NEWS.md README.md
 %changelog
+* Tue Oct 21 2025 tomcruiseqi - 1:3.0.12-15
+- Fix CVE-2025-9230
+
 * Thu Jul 10 2025 mgb01105731 1:3.0.12-14
 - Add patch to fix CVE-2024-13176