diff --git a/10-bugfix-for-CVE-2025-27219.patch b/10-bugfix-for-CVE-2025-27219.patch
new file mode 100644
index 0000000000000000000000000000000000000000..733bc241e1f0648de9de73307ebdd26e5b2b089f
--- /dev/null
+++ b/10-bugfix-for-CVE-2025-27219.patch
@@ -0,0 +1,27 @@
+From fd8162a42ff3e4004b940030cfe34ce7a44a7e23 Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA
+Date: Fri, 21 Feb 2025 16:01:17 +0900
+Subject: [PATCH] Use String#concat instead of String#+ for reducing cpu usage
+
+Co-authored-by: "Yusuke Endoh"
+---
+ lib/cgi/cookie.rb | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
+index 1a9c1a82c1..7b8e761a94 100644
+--- a/lib/cgi/cookie.rb
++++ b/lib/cgi/cookie.rb
+@@ -190,9 +190,10 @@ def self.parse(raw_cookie)
+ values ||= ""
+ values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
+ if cookies.has_key?(name)
+- values = cookies[name].value + values
++ cookies[name].concat(values)
++ else
++ cookies[name] = Cookie.new(name, *values)
+ end
+- cookies[name] = Cookie.new(name, *values)
+ end
+
+ cookies
diff --git a/ruby.spec b/ruby.spec
index 6da11824fc06f8ef3c57c6a5f753d7a2ab8270cd..8c2fa53f50eea9d181b7668ccc09825c19b867dd 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
 %global major_version 3
 %global minor_version 3
 %global teeny_version 7
@@ -106,6 +106,7 @@ Patch6: %{name}-3.1.0-Don-t-query-RubyVM-FrozenCore-for-class-path.patch
 Patch7: %{name}-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
 Patch8: 8-bugfix-for-CVE-2025-27221.patch
 Patch9: 9-bugfix-for-CVE-2025-27221.patch
+Patch10: 10-bugfix-for-CVE-2025-27219.patch
 Suggests: rubypick
 Requires: %{name}-libs = %{version}-%{release}
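Review bot: The embedded commit's subject says `String#concat` / `String#+`, but the objects on the changed lines are Arrays: `values` is the result of `values.split('&').collect{...}`, so the removed `cookies[name].value + values` is Array#+ and the new `cookies[name].concat(values)` is Array#concat on the stored Cookie (which presumably is Array-backed; not visible here). That is acceptable for a verbatim upstream backport, but anyone auditing the change should note the semantic shift: a cookie name that appears more than once now extends the first Cookie object in place instead of replacing it with a freshly built `Cookie.new(name, *values)`, which removes the repeated-copy CPU cost behind CVE-2025-27219 but also bypasses whatever checks `Cookie.new` applies to the merged values, if any. The enclosing `self.parse` starts and ends outside the inner hunk, so the final use of `cookies` is not reviewable here. This patch file carries no regression test for many same-named cookie values; if the spec's %check stage runs the cgi tests, adding the upstream test alongside would make the backport verifiable rather than trusted.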
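Review bot: `Patch10:` is declared next to Patch8/Patch9, but this hunk does not show how patches are applied; if the spec uses explicit `%patch` directives rather than `%autosetup -p1`, a matching `%patch10 -p1` line (or whatever form the spec uses for Patch8/Patch9) is also required, and that section is outside the hunk. The numeric filename prefix matches the existing `8-`/`9-` convention, so only the apply step needs confirming.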
@@ -1195,6 +1196,9 @@ rm -rf %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/.github
 %{_datadir}/ri
 %changelog
+* Wed Jul 09 2025 tomcruiseqi - 3.3.7-4
+- Fix CVE-2025-27219
+
 * Fri Jul 04 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 3.3.7-3
 - Fix CVE-2025-27221