diff --git a/CVE-2025-61962.patch b/CVE-2025-61962.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f2e4f2bf5d648564e4da9e2fb2e02134cadef8d3
--- /dev/null
+++ b/CVE-2025-61962.patch
@@ -0,0 +1,53 @@
+From 791e4776965d27d1718c1af7c0b242cb12307824 Mon Sep 17 00:00:00 2001
+From: Matthias Andree <matthias.andree@gmx.de>
+Date: Fri, 3 Oct 2025 13:11:59 +0200
+Subject: [PATCH] Security fix: avoid NULL+1 deref on invalid AUTH reply
+
+When fetchmail receives a 334 reply from the SMTP server
+that does not contain the mandated blank after that response
+code, it will attempt reading from memory location 1, which
+will usually lead to a crash.
+
+The simpler fix would have been to check for four bytes "334 "
+instead of three bytes "334" but that would make malformed
+replies and those that don't match the expected reply code
+indistinguishable.
+
+(cherry picked from commit 4c3cebfa4e659fb778ca2cae0ccb3f69201609a8)
+
+Origin: https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8
+---
+ smtp.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/smtp.c b/smtp.c
+index 8295c49ab..9a89ef09a 100644
+--- a/smtp.c
++++ b/smtp.c
+@@ -92,6 +92,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
+ 		}
+ 
+ 		p = strchr(tmp, ' ');
++		if (!p) {
++			report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
++			SMTP_auth_error(sock, "");
++			return;
++		}
+ 		p++;
+ 		/* (hmh) from64tobits will not NULL-terminate strings! */
+ 		if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+@@ -145,6 +150,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
+ 		}
+ 
+ 		p = strchr(tmp, ' ');
++		if (!p) {
++			report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
++			SMTP_auth_error(sock, "");
++			return;
++		}
+ 		p++;
+ 		if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+ 			SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
+-- 
+GitLab
+
diff --git a/fetchmail.spec b/fetchmail.spec
index 6ce95d0e6532cb41e23baaa1443c9baef400d267..cee73efca789b3a061c4a482d4043f08855ff4a2 100644
--- a/fetchmail.spec
+++ b/fetchmail.spec
@@ -1,13 +1,14 @@
 Summary:             A remote mail retrieval and forwarding utility
 Name:                fetchmail
 Version:             6.4.22
-Release:             2
+Release:             3
 URL:                 http://www.fetchmail.info/
 License:             GPL+ and Public Domain
 Source0:             http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
 Source1:             http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz.asc
 Source2:             fetchmail.service
 Source3:             fetchmailrc.example
+Patch0:              CVE-2025-61962.patch
 BuildRequires:       gcc gettext-devel krb5-devel openssl-devel systemd python3-devel
 %description
 Fetchmail is a remote mail retrieval and forwarding utility intended
@@ -20,7 +21,7 @@ Install fetchmail if you need to retrieve mail over SLIP or PPP
 connections.
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 %configure --enable-POP3 --enable-IMAP --with-ssl --without-hesiod \
@@ -49,6 +50,9 @@ rm -f $RPM_BUILD_ROOT%{python3_sitelib}/__pycache__/fetchmailconf*
 %config(noreplace) %attr(0600, mail, mail) %{_sysconfdir}/fetchmailrc.example
 
 %changelog
+* Thu Oct 09 2025 yapxin <1024769339@qq.com> - 6.4.22-3
+- Fix CVE-2025-61962
+
 * Mon Nov 21 2022 yaoxin <yaoxin30@h-partners.com> - 6.4.22-2
 - Modify invalid Source