diff --git a/backport-CVE-2025-50952.patch b/backport-CVE-2025-50952.patch
new file mode 100644
index 0000000000000000000000000000000000000000..00bf16856fa92187a0c685c5d8ea5676f0a1b2e1
--- /dev/null
+++ b/backport-CVE-2025-50952.patch
@@ -0,0 +1,30 @@
+From d903fbb4ab9ccf9b96c8bc7398fafc0007505a37 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 18 Feb 2024 17:17:00 +0100
+Subject: [PATCH] opj_dwt_decode_tile(): avoid potential
+ UndefinedBehaviorSanitizer 'applying zero offset to null pointer' (fixes
+ #1505)
+
+Conflict: NA
+Reference: https://github.com/uclouvain/openjpeg/pull/1510/commits/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37
+
+---
+ src/lib/openjp2/dwt.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c
+index abc500eca..6b18c5dd6 100644
+--- a/src/lib/openjp2/dwt.c
++++ b/src/lib/openjp2/dwt.c
+@@ -2083,7 +2083,9 @@ static OPJ_BOOL opj_dwt_decode_tile(opj_thread_pool_t* tp,
+     OPJ_SIZE_T h_mem_size;
+     int num_threads;
+ 
+-    if (numres == 1U) {
++    /* Not entirely sure for the return code of w == 0 which is triggered per */
++    /* https://github.com/uclouvain/openjpeg/issues/1505 */
++    if (numres == 1U || w == 0) {
+         return OPJ_TRUE;
+     }
+     num_threads = opj_thread_pool_get_thread_count(tp);
+
diff --git a/openjpeg2.spec b/openjpeg2.spec
index 7859011e767b72006dd11064d295ce6daadeb686..a232eda6c60e522dbf7a4a0f280723318139a357 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -1,6 +1,6 @@
 Name:           openjpeg2
 Version:        2.5.0
-Release:        6
+Release:        7
 Summary:        C-Library for JPEG 2000
 License:        BSD and MIT
 URL:            https://github.com/uclouvain/openjpeg
@@ -11,6 +11,7 @@ Patch1:         backport-CVE-2023-39328.patch
 Patch2:         backport-CVE-2021-3575.patch
 Patch3:         backport-CVE-2024-56826.patch
 Patch4:         backport-CVE-2024-56827.patch
+Patch5:         backport-CVE-2025-50952.patch
 
 BuildRequires:  cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel
 BuildRequires:  jbigkit-devel libjpeg-turbo-devel
@@ -101,6 +102,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_bindir}/opj2_dump
 
 %changelog
+* Fri Aug 8 2025 zhangpan <zhangpan103@h-partners.com> - 2.5.0-7
+- fix CVE-2025-50952
+
 * Tue Jan 7 2025 changtao <changtao@kylinos.cn> - 2.5.0-6
 - Type: CVE
 - CVE: CVE-2024-56827