diff --git a/0001-fix-cve-CVE-2025-8067.patch b/0001-fix-cve-CVE-2025-8067.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7c150c941893772b848a7f8f14c38b21b08d712f
--- /dev/null
+++ b/0001-fix-cve-CVE-2025-8067.patch
@@ -0,0 +1,25 @@
+From 68025c1a2d323be334d2d755d9a035460271d3e0 Mon Sep 17 00:00:00 2001
+From: zhuhongbo
+Date: Thu, 4 Dec 2025 16:21:36 +0800
+Subject: [PATCH] fix cve CVE-2025-8067
+
+---
+ src/udiskslinuxmanager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udiskslinuxmanager.c b/src/udiskslinuxmanager.c
+index 51498dc..b65f766 100644
+--- a/src/udiskslinuxmanager.c
++++ b/src/udiskslinuxmanager.c
+@@ -359,7 +359,7 @@ handle_loop_setup (UDisksManager *object,
+ goto out;
+
+ fd_num = g_variant_get_handle (fd_index);
+- if (fd_list == NULL || fd_num >= g_unix_fd_list_get_length (fd_list))
++ if (fd_list == NULL || fd_num < 0 || fd_num >= g_unix_fd_list_get_length (fd_list))
+ {
+ g_dbus_method_invocation_return_error (invocation,
+ UDISKS_ERROR,
+--
+2.39.3
+
diff --git a/udisks2.spec b/udisks2.spec
index a619154925c4d8a7b3d2c1ea8d0fbbe001e95640..8100e8f0d3572821316ed63686f0f97a7beb6ff5 100644
--- a/udisks2.spec
+++ b/udisks2.spec
@@ -14,11 +14,12 @@
 Name: udisks2
 Summary: Disk Manager
 Version: 2.8.4
-Release: 1%{?dist}
+Release: 1%{?dist}.2
 License: GPLv2+
 Group: System Environment/Libraries
 URL: https://github.com/storaged-project/udisks
 Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{version}/udisks-%{version}.tar.bz2
+Patch0: 0001-fix-cve-CVE-2025-8067.patch
 
 BuildRequires: glib2-devel >= %{glib2_version}
 BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version}
@@ -148,6 +149,7 @@ dynamic library, which provides access to the udisksd daemon.
 
 %prep
 %setup -q -n udisks-%{version}
+%patch0 -p1
 
 %build
 sed -i 's/blockdev >= 2.19/blockdev >= 2.18/' configure.ac
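Review bot: The widened guard on `fd_num` in the `handle_loop_setup` hunk of `0001-fix-cve-CVE-2025-8067.patch` has no comment saying why a lower bound is needed, and the patch header gives only the CVE id with no description or upstream reference. `fd_num` is read from `fd_index` with `g_variant_get_handle()`, which returns a signed value, and the handler replies through a D-Bus `invocation`, so the index appears to be caller-supplied; what is done with `fd_num` after the check is outside the hunk, presumably a lookup in `fd_list`. I would add above the `if`: `/* fd_index comes from the D-Bus caller and is signed: reject negative values as well as ones past the end of fd_list */`. The patch description should also name the upstream commit it was taken from (`<upstream-commit-id>`), so that a later rebase can tell when `Patch0` can be dropped. `handle_loop_setup` starts and ends outside the hunk.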
@@ -269,6 +271,9 @@ udevadm trigger
 
 # Note: please don't forget the %{?dist} in the changelog. Thanks
 %changelog
+* Wed Dec 03 2025 zhuhongbo - 2.8.4-1.2
+- cve: fix cve CVE-2025-8067
+
 * Fri Aug 16 2019 Tomas Bzatek - 2.8.4-1
 - Rebase to upstream 2.8.4 release (#1684917)