diff --git a/CVE-2025-40928-r1.patch b/CVE-2025-40928-r1.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f1d258c12a3d0f87decc7a4ce2e54df1c57f675f
--- /dev/null
+++ b/CVE-2025-40928-r1.patch
@@ -0,0 +1,31 @@
+--- a/XS.xs	2025-09-06 08:34:51.376455632 -0300
++++ b/XS.xs	2025-09-06 08:35:30.725873619 -0300
+@@ -253,16 +253,16 @@
+   // if we recurse too deep, skip all remaining digits
+   // to avoid a stack overflow attack
+   if (expect_false (--maxdepth <= 0))
+-    while (((U8)*s - '0') < 10)
++    while ((U8)(*s - '0') < 10)
+       ++s;
+ 
+   for (;;)
+     {
+-      U8 dig = (U8)*s - '0';
++      U8 dig = *s - '0';
+ 
+       if (expect_false (dig >= 10))
+         {
+-          if (dig == (U8)((U8)'.' - (U8)'0'))
++          if (dig == (U8)('.' - '0'))
+             {
+               ++s;
+               json_atof_scan1 (s, accum, expo, 1, maxdepth);
+@@ -282,7 +282,7 @@
+               else if (*s == '+')
+                 ++s;
+ 
+-              while ((dig = (U8)*s - '0') < 10)
++              while ((dig = (U8)(*s - '0')) < 10)
+                 exp2 = exp2 * 10 + *s++ - '0';
+ 
+               *expo += neg ? -exp2 : exp2;
diff --git a/perl-JSON-XS.spec b/perl-JSON-XS.spec
index 4fa9efef43d272833045ec7b9d94a7df655e5f43..375a309ac4d09bc9a1200e9b3254cbb6d21a69b4 100644
--- a/perl-JSON-XS.spec
+++ b/perl-JSON-XS.spec
@@ -2,11 +2,12 @@ Name:           perl-JSON-XS
 Summary:        JSON serializing/de-serializing, done correctly and fast
 Epoch:          1
 Version:        4.03
-Release:        2
+Release:        3
 License:        GPL-1.0-or-later OR Artistic-1.0-Perl
 Group:          Development/Libraries
 URL:            https://metacpan.org/release/JSON-XS
 Source0:        https://cpan.metacpan.org/authors/id/M/ML/MLEHMANN/JSON-XS-%{version}.tar.gz
+Patch0:         CVE-2025-40928-r1.patch
 
 BuildRequires:  coreutils gcc make perl-devel perl-generators perl-interpreter
 BuildRequires:  perl(Canary::Stability) perl(ExtUtils::MakeMaker) >= 6.76
@@ -26,7 +27,7 @@ reach the latter goal it was written in C.
 %package_help
 
 %prep
-%autosetup -n JSON-XS-%{version}
+%autosetup -n JSON-XS-%{version} -p1
 
 sed -i 's/\r//' t/*
 perl -pi -e 's|^#!/opt/bin/perl|#!%{__perl}|' eg/*
@@ -54,6 +55,9 @@ make test
 %{_mandir}/man[13]/*
 
 %changelog
+* Tue Sep 09 2025 Yu Peng <yupeng@kylinos.cn> - 1:4.03-3
+- Fix CVE-2025-40928.
+
 * Sat Jan 18 2025 Funda Wang <fundawang@yeah.net> - 1:4.03-2
 - drop useless perl(:MODULE_COMPAT) requirement